CVE-2012-2493

CVE Database · CVE-2012-2493

CVE-2012-2493

· N/AModified

CVSS v3.1

N/A

EPSS

3.89%

Published

Jun 20, 2012

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.

Weaknesses (CWE)

CWE-20

Affected Products (34)

cisco · anyconnect_secure_mobility_clientvulnerable

cisco · anyconnect_secure_mobility_client

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs

cisco · anyconnect_secure_mobility_clientvulnerable

microsoft · windows

cisco · anyconnect_secure_mobility_clientvulnerable

linux · linux_kernel