Certificate Spoofing Vulnerability in Cisco AnyConnect Secure Mobility Client
CVE-2012-2498 · MEDIUM Severity
AV:N/AC:H/AU:N/C:P/I:P/A:N
Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.
Learn more about our Cis Benchmark Audit For Server Software.