Cisco AnyConnect is a VPN Client for multiple platforms.
The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities:
- The vulnerability is due to insufficient path traversal protections in certain IPC commands which could allow an attacker to write or overwrite arbitrary files on the filesystem.
- The vulnerability is due to missing input sanitization of certain IPC commands which may allow the attacker to write to arbitrary user-space memory.
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier
Successful exploitation will allow an attacker to execute arbitrary code, disclose sensitive information and overwrite arbitrary files on the filesystem.
Cisco has confirmed the vulnerability however no patch is available as of now.
Administrators are advised to contact the vendor regarding future updates and releases.