virus logo Intrusion Prevention

Cisco.AnyConnect.VPN.Client.Software.Security.Bypass

description-logoDescription

This indicates an attack attempt to exploit a Security Bypass vulnerability in Cisco AnyConnect VPN client.
The vulnerability is due to a lack of validation when handling the vpndownloader.exe program. An attacker can exploit this by tricking an unsuspecting user into visiting a malicious webpage, allowing the attacker to downgrade the software to a previous version which is vulnerable to other exploits.

affected-products-logoAffected Products

Cisco Systems AnyConnect Secure Mobility Client 2.x prior to 2.5.6005
Cisco Systems AnyConnect Secure Mobility Client 3.0.x prior to 3.0.08057

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.
Security Bypass: Remote attackers can bypass security checking of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://www.zerodayinitiative.com/advisories/ZDI-12-149/
ID 33377
Created Oct 18, 2012
Updated Nov 15, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2011-2039 CVE-2012-2494
Exploit Prediction Score 75.1%
Default Action drop
Active
Affected OS Windows
Affected App Cisco