发布日期:2012-08-06
更新日期:2012-08-08
受影响系统:
Cisco AnyConnect Secure Mobility Client 2.3
Cisco AnyConnect Secure Mobility Client 3.0
Cisco AnyConnect Secure Mobility Client 2.5.3046
Cisco AnyConnect Secure Mobility Client 2.5.3041
Cisco AnyConnect Secure Mobility Client 2.5
Cisco AnyConnect Secure Mobility Client 2.3.254
Cisco AnyConnect Secure Mobility Client 2.3.185
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 54826
CVE ID: CVE-2012-2499,CVE-2012-2500
Cisco AnyConnect Secure Mobility Client是思科下一代VPN客户端。
Cisco AnyConnect Secure Mobility Client在实现上存在多个安全限制绕过漏洞,成功利用后可允许攻击者执行中间人攻击或模拟受信任服务器。
<*来源:vendor
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
Cisco
-----
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: