| CVE ID | CVE-2012-2494 |
| CVSS SCORE | 9.0, AV:N/AC:L/Au:N/C:P/I:P/A:C |
| AFFECTED VENDORS |
Cisco |
| AFFECTED PRODUCTS |
AnyConnect VPN Client |
| VULNERABILITY DETAILS |
The specific flaw exists because the VPN AnyConnect helper program does not check the version number of the vpndownloader.exe program it downloads. As such it is possible to forcefully install an older version of the vpndownloader.exe that is vulnerable to previously patched issues. |
| ADDITIONAL DETAILS |
Cisco has issued an update to correct this vulnerability. More details can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac |
| DISCLOSURE TIMELINE |
|
| CREDIT | gwslabs.com |
