HTTP: Cisco AnyConnect VPN Client ActiveX
This signature detects attempts to use unsafe ActiveX controls in Cisco AnyConnect VPN. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Cisco AnyConnect Secure Mobility Client is prone to a vulnerability that allows attackers to run an arbitrary executable. An attacker can exploit this issue by using social engineering techniques to coerce unsuspecting users to download and execute arbitrary applications. This issue is tracked by Cisco Bug IDs CSCsy00904 and CSCsy05934.
Affected Products
Cisco anyconnect_secure_mobility_client
References
BugTraq: 48081
CVE: CVE-2011-2039
URL: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
Short Name
HTTP:STC:ACTIVEX:CISCO-VPN
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX AnyConnect CVE-2011-2039 CVE-2012-2494 Cisco Client VPN bid:48081
Release Date
06/07/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Cisco
CVSS Score
7.6
4.3