MacOSX Cisco AnyConnect Secure Mobility Client Multiple Vulnerabilities

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote host has software installed that is affected by multiple
vulnerabilities.

Description :

The remote host has a version of Cisco AnyConnect < 2.5 MR6 / 3.0 MR8.
Such versions are potentially affected by multiple vulnerabilities :

- The WebLaunch VPN downloader implementation does not
properly validate binaries that are received, which can
allow remote attackers to execute arbitrary code via
ActiveX of Java components. (CVE-2012-2493).

- The WebLaunch VPN downloader implementation does not
compare timestamps of offered software to install with
currently installed software, which may allow remote
attackers to downgrade the software via ActiveX of Java
components. (CVE-2012-2494, CVE-2012-2495).

See also :

http://www.zerodayinitiative.com/advisories/ZDI-12-149/
http://www.zerodayinitiative.com/advisories/ZDI-12-156/
http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0269.html
http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0278.html
http://www.nessus.org/u?b0b6c065

Solution :

Upgrade to Cisco AnyConnect Secure Mobility Client 2.5 MR6 / 3.0 MR8
or greater.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 59823 ()

Bugtraq ID: 54107
54108

CVE ID: CVE-2012-2493
CVE-2012-2494
CVE-2012-2495