Cisco AnyConnect Secure Mobility Client HostScan Downloader Version Downgrade Vulnerability (CVE-2012-2495)
Published: 2012-06-21
Updated: 2012-06-26
Affected systems:
Cisco Secure Desktop 3.5.841
Cisco Secure Desktop 3.5.1077
Cisco Secure Desktop 3.4.2048
Cisco Secure Desktop 3.2
Cisco Secure Desktop 3.1.1
Cisco Secure Desktop 3.1.1.45
Cisco Secure Desktop 3.1.1.33
Cisco Secure Desktop 3.1
Cisco AnyConnect Secure Mobility Client 3.0.629
Cisco AnyConnect Secure Mobility Client 2.5
Cisco AnyConnect Secure Mobility Client 2.3
Cisco AnyConnect Secure Mobility Client 3.0
Cisco AnyConnect Secure Mobility Client 2.5.3046
Cisco AnyConnect Secure Mobility Client 2.5.3041
Cisco AnyConnect Secure Mobility Client 2.3.254
Cisco AnyConnect Secure Mobility Client 2.3.185
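Description:
BUGTRAQ ID: 54108
CVE ID: CVE-2012-2495
Cisco AnyConnect Secure Mobility Client is Cisco's next-generation VPN client.
The HostScan downloader in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and in Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of the offered software with the timestamp of the installed software. A remote attacker can force a version downgrade by using ActiveX or Java components to offer signed code that corresponds to an older version.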
<*Source: gwslabs.com
Links:
http://secunia.com/advisories/49645/
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
*>
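The class of flaw described above, modelled as an added example (not Cisco's code and not part of the original advisory): an updater that checks only the signature accepts a genuine but older release, while one that also compares timestamps refuses it. Assumptions: HMAC-SHA256 stands in for the vendor's code signing so the example runs offline, and the `Package` type, its field names, the key and the sample packages are all hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the vendor signing key. Real code signing is
# asymmetric; HMAC is used only to keep the example self-contained.
VENDOR_KEY = b"constructed-demo-key"

@dataclass(frozen=True)
class Package:
    name: str
    build_time: int      # build timestamp (Unix seconds), covered by the signature
    payload: bytes
    signature: bytes = b""

def _digest(pkg):
    msg = pkg.name.encode() + b"|" + str(pkg.build_time).encode() + b"|" + pkg.payload
    return hmac.new(VENDOR_KEY, msg, hashlib.sha256).digest()

def sign(pkg):
    return Package(pkg.name, pkg.build_time, pkg.payload, _digest(pkg))

def signature_ok(pkg):
    return hmac.compare_digest(pkg.signature, _digest(pkg))

def accept_signature_only(offered, installed):
    """Flawed policy: any validly signed package is accepted."""
    return signature_ok(offered)

def accept_with_downgrade_check(offered, installed):
    """Hardened policy: valid signature AND not older than what is installed."""
    if not signature_ok(offered):
        return False
    if installed is not None and offered.build_time < installed.build_time:
        return False  # genuine but stale release: refuse the downgrade
    return True

# Constructed sample data: an old and a current release, both genuinely signed,
# plus a modified package that reuses the old signature.
OLD = sign(Package("hostscan", 1300000000, b"old build"))
CURRENT = sign(Package("hostscan", 1340000000, b"current build"))
TAMPERED = Package("hostscan", 1350000000, b"modified", OLD.signature)

if __name__ == "__main__":
    for label, pkg in (("old", OLD), ("current", CURRENT), ("tampered", TAMPERED)):
        print(label, accept_signature_only(pkg, CURRENT),
              accept_with_downgrade_check(pkg, CURRENT))
```

The timestamp is only trustworthy because it is inside the signed data; a comparison against an unsigned version field could be bypassed by editing that field.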
Recommendation:
Vendor patch:
Cisco
-----
Cisco has released a security advisory (cisco-sa-20120620-ac) and corresponding patches for this issue:
cisco-sa-20120620-ac:Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
Link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.