Cloud security intelligence for modern infrastructure.

Stay informed

📬 Product updates & blog posts🛡️ CVE alerts & security advisories

Frequency:

Sent from noreply@echelongraph.io · Unsubscribe anytime

Product

Overview
Enterprise
Agents
AI Analyst
Pricing
Compare
vs. Competitors

Resources

CVE Pulse
Compliance Directory
Newsletter
Documentation
Readiness Calculator
Blog

Security Tools

Surface Scanner
AI Security Index
AI Threat Map
Shadow AI Radar
Shadow Engine Map

Company

Design Partners
Changelog
Contact

Legal

Privacy
Terms
Security
DPA

SOC 2 Type IIISO 27001GDPRHIPAA Ready

Home›CVE Pulse›CVE-2012-2494

CVE-2012-2494

NONECVSS 0.0

0.0

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681.

📅 Published

June 20, 2012

🔄 Last Modified

April 29, 2026

🔗 References (2)

psirt@ciscohttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac

💥

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2012-2494

Explore →

Is Your Infrastructure Affected by CVE-2012-2494?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs