CVE-2012-4655

Severity: Unknown | EPSS: 4.64%

Last modified

CVE-2012-4655 is a vulnerability of currently unknown severity. The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204. EPSS estimates a 4.64% chance of exploitation in the next 30 days.

Description

The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.

Metrics

EPSS Probability: 4.64% (90.5th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Version |
|---|---|---|
| Cisco | Secure Desktop | 3.1 |
| Cisco | Secure Desktop | 3.1.1 |
| Cisco | Secure Desktop | 3.1.1.27 |
| Cisco | Secure Desktop | 3.1.1.33 |
| Cisco | Secure Desktop | 3.1.1.45 |
| Cisco | Secure Desktop | 3.2 |
| Cisco | Secure Desktop | 3.2.1 |
| Cisco | Secure Desktop | 3.3 |
| Cisco | Secure Desktop | 3.4 |
| Cisco | Secure Desktop | 3.4.1 |
| Cisco | Secure Desktop | 3.4.2 |
| Cisco | Secure Desktop | 3.4.2048 |
| Cisco | Secure Desktop | 3.5 |
| Cisco | Secure Desktop | 3.5.841 |
| Cisco | Secure Desktop | 3.5.1077 |
| Cisco | Secure Desktop | 3.5.2001 |
| Cisco | Secure Desktop | 3.5.2008 |
| Cisco | Secure Desktop | 3.6 |
| Cisco | Secure Desktop | 3.6.181 |
| Cisco | Secure Desktop | 3.6.185 |
| Cisco | Secure Desktop | 3.6.1001 |
| Cisco | Secure Desktop | 3.6.2002 |
| Cisco | Secure Desktop | 3.6.3002 |
| Cisco | Secure Desktop | 3.6.4021 |
| Cisco | Secure Desktop | 3.6.5005 |

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2012-4655?
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
How severe is CVE-2012-4655?
Severity scoring for CVE-2012-4655 is pending analysis. The EPSS model estimates a 4.64% probability of exploitation in the next 30 days.
How do I fix CVE-2012-4655?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST