Cisco AnyConnect Secure Mobility Client VPN Downgrade

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has software installed that is affected by a software
downgrade vulnerability.

Description :

The remote host is running a version of Cisco AnyConnect earlier than
2.5 MR6 / 3.0 MR8. Such versions are potentially affected by a software
downgrade vulnerability. The WebLaunch VPN downloader implementation
does not compare the timestamp of the software offered for installation
with that of the currently installed software, which may allow remote
attackers to downgrade the software via ActiveX or Java components.

See also :

http://www.nessus.org/u?b0b6c065

Solution :

Upgrade to Cisco AnyConnect Secure Mobility Client 2.5 MR6 / 3.0 MR8
or greater.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 59819

Bugtraq ID: 54108

CVE ID: CVE-2012-2494
