CVE-2012-2495

CVE Database · CVE-2012-2495

CVE-2012-2495

· N/AModified

CVSS v3.1

N/A

EPSS

1.40%

Published

Jun 20, 2012

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235.

Weaknesses (CWE)

CWE-20

Affected Products (18)

cisco · anyconnect_secure_mobility_clientvulnerable

cisco · secure_desktopvulnerable

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs