Vulnerabilities > CVE-2012-5429 - Unspecified vulnerability in Cisco VPN Client

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
cisco
nessus

Summary

The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669.

Vulnerable Configurations

Part Description Count
Application
Cisco
1
OS
Microsoft
1

Nessus

NASL familyWindows
NASL idCISCO_VPN_CLIENT_UNSUPPORTED.NASL
descriptionThe Cisco VPN client installed on the remote host is no longer supported and is potentially affected by a denial of service vulnerability as well as other unacknowledged security issues. As of July 30, 2012, the vendor no longer provides security fixes for the installed product. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
last seen2020-06-01
modified2020-06-02
plugin id64437
published2013-02-03
reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/64437
titleCisco VPN Client Unsupported
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(64437);
  script_version("1.11");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id("CVE-2012-5429");
  script_bugtraq_id(57483);

  script_name(english:"Cisco VPN Client Unsupported");
  script_summary(english:"Checks for Cisco VPN Client");

  script_set_attribute(attribute:"synopsis", value:
"The VPN client installed on the remote Windows host is no longer
supported.");
  script_set_attribute(attribute:"description", value:
"The Cisco VPN client installed on the remote host is no longer
supported and is potentially affected by a denial of service
vulnerability as well as other unacknowledged security issues. As of
July 30, 2012, the vendor no longer provides security fixes for the
installed product.

Lack of support implies that no new security patches for the product
will be released by the vendor. As a result, it is likely to contain
security vulnerabilities.");
  # https://www.cisco.com/c/en/us/products/collateral/security/vpn-client/end_of_life_c51-680819.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f1f130e9");
  # https://tools.cisco.com/security/center/viewAlert.x?alertId=27926
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0607e33c");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Cisco AnyConnect Secure Mobility Client.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5429");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:vpn_client");
  script_set_attribute(attribute:"unsupported_by_vendor", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_vpn_client_detect.nasl");
  script_require_keys("SMB/CiscoVPNClient/Version");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

ver  = get_kb_item_or_exit("SMB/CiscoVPNClient/Version");
path = get_kb_item_or_exit("SMB/CiscoVPNClient/Path");
port = get_kb_item("SMB/transport");

register_unsupported_product(product_name:"Cisco VPN Client",
                             version:ver, cpe_base:"cisco:vpn_client");

if (report_verbosity > 0)
{
  report =
    '\n  Path              : ' + path +
    '\n  Installed version : ' + ver  +
    '\n  Solution          : Upgrade to Cisco AnyConnect Secure Mobility Client' +
    '\n';
  security_warning(port:port, extra:report);
}
else security_warning(port);