Cisco AnyConnect Secure Mobility Client < 2.3.254 Multiple Vulnerabilities

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The VPN client installed on the remote Windows host has multiple
vulnerabilities.

Description :

The version of Cisco AnyConnect Secure Mobility Client installed on
the remote host is earlier than 2.3.254 and may have the following
vulnerabilities :

- When the client is obtained from the VPN headend using
a web browser, a helper application performs the
download and installation. This helper application does
not verify the authenticity of the downloaded installer,
which could allow an attacker to send malicious code to
the user instead. Only versions prior to 2.3.185 are
affected by this vulnerability. (CVE-2011-2039)

- Unprivileged users can elevate to LocalSystem privileges
by enabling the Start Before Logon feature and
performing unspecified actions with the Cisco AnyConnect
Secure Mobility client interface in the Windows logon
screen. (CVE-2011-2041)

See also :

http://www.nessus.org/u?6072ec79
http://www.nessus.org/u?06c90443

Solution :

Upgrade to version 2.3.254 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 54954 ()

Bugtraq ID: 48077
48081

CVE ID: CVE-2011-2039
CVE-2011-2041

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now