Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Cisco AnyConnect Secure Mobility Client 4.0(2049) Unspecified Out-of-bounds Read Local DoS

Medium

Synopsis

Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow a local attacker to cause a denial of service condition.

Description

A vulnerability in the kernel extension for Mac OS X of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition.

The vulnerability is due to insufficient bounds checking. An attacker could exploit this vulnerability by crafting a piece of contiguous data in memory that is read by the client software. An exploit could allow the attacker to cause an OS X kernel panic.

Solution

It has been reported that this issue has been fixed, although Cisco has not published any details. They have advised users seeking fixes to contact the normal support channels to do so.