This script is Copyright (C) 2017 Tenable Network Security, Inc.
A VPN application installed on the remote host is affected by a
privilege escalation vulnerability.
The version of Cisco AnyConnect Secure Mobility Client installed on
the remote Windows host is prior to 4.4.02034. It is, therefore,
affected by a local privilege escalation vulnerability due to improper
validation of paths and filenames of dynamic-link library (DLL) files
before they are loaded. A local attacker can exploit this, via a
specially crafted DLL file, to escalate privileges and execute
commands with SYSTEM level privileges.
See also :
Upgrade to Cisco AnyConnect Secure Mobility Client version 4.4.02034
Risk factor :
Medium / CVSS Base Score : 6.9
CVSS Temporal Score : 5.7
Public Exploit Available : true