Certificate Spoofing Vulnerability in Cisco AnyConnect Secure Mobility Client

Certificate Spoofing Vulnerability in Cisco AnyConnect Secure Mobility Client

CVE-2012-2498 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:N

Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.

Learn more about our Cis Benchmark Audit For Server Software.