Cisco AnyConnect Secure Mobility Client Software Update Vulnerability
Last Update Date: 21 Jun 2012 10:47
Release Date: 21 Jun 2012
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities have been identified in Cisco AnyConnect Secure Mobility Client. A remote user can cause arbitrary code to be executed on the target user's system.
- A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
- An input validation flaw allows remote code execution.
- A remote user can cause the target user to download and install an older version of the client software.
- A remote user can trigger a flaw in the 64-bit Java applet to execute arbitrary code.
Impact
- Remote Code Execution
System / Technologies affected
- Versions 2.5.x, 3.0.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- The vendor has issued a fix (2.5 MR6, 3.0 MR8).
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
Vulnerability Identifier
Source
Related Link