Mac OS X : Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.0(629) Multiple Vulnerabilities

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote host has software installed that is affected by multiple
vulnerabilities.

Description :

The remote host has a version of Cisco AnyConnect 2.x or 3.x prior to
3.0(629) and is, therefore, affected by the following vulnerabilities :

- When the client is obtained from the VPN headend using
a web browser, a helper application performs the
download and installation. This helper application does
not verify the authenticity of the downloaded installer,
which could allow an attacker to send malicious code to
the user instead. Note 2.x versions prior to 2.5.3041
are affected by this vulnerability. (CVE-2011-2040)

- When the VPNAPI COM module calls the ATL framework,
certain input data are not properly validated. This
could allow a buffer overflow, which could lead to
arbitrary code execution. (CVE-2013-5559)

See also :

https://tools.cisco.com/bugsearch/bug/CSCsy05934
https://tools.cisco.com/bugsearch/bug/CSCuj58139
http://www.cisco.com/en/US/products/csa/cisco-sa-20110601-ac.html
http://tools.cisco.com/security/center/viewAlert.x?alertId=23243
http://tools.cisco.com/security/center/viewAlert.x?alertId=31606

Solution :

Upgrade to Cisco AnyConnect Secure Mobility Client 3.0(629) or
later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 71465 ()

Bugtraq ID: 48081
63491

CVE ID: CVE-2011-2040
CVE-2013-5559