CVE-2012-2499

CVE Database · CVE-2012-2499

CVE-2012-2499

· N/AModified

CVSS v3.1

N/A

EPSS

0.53%

Published

Aug 6, 2012

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985.

Weaknesses (CWE)

CWE-310

Affected Products (3)

cisco · anyconnect_secure_mobility_clientvulnerable

References (2)

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html

Vendor Advisory

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs