Cisco AnyConnect Secure Mobility Client 3.1 < 3.1(495) MiTM

Medium Nessus Plugin ID 61518


The remote host has software installed that is vulnerable to man-in-the-middle attacks.


The remote host has a version of Cisco AnyConnect 3.1 prior to 3.1(495). As such, it prompts the user to decide whether or not to proceed when an untrusted certificate is seen. Accepting an untrusted certificate could result in a man-in-the-middle attack.


Upgrade to Cisco AnyConnect Secure Mobility Client 3.1(495) or later.

See Also

Plugin Details

Severity: Medium

ID: 61518

File Name: cisco_anyconnect_3_1_495.nasl

Version: $Revision: 1.2 $

Type: local

Agent: windows

Family: Windows

Published: 2012/08/13

Modified: 2012/08/14

Dependencies: 54953

Risk Information

Risk Factor: Medium


Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:anyconnect_secure_mobility_client

Required KB Items: SMB/cisco_anyconnect/Installed

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2012/08/06

Vulnerability Publication Date: 2012/08/06

Reference Information

CVE: CVE-2012-2498

BID: 54847

OSVDB: 84470