Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.0(629) ATL Buffer Overflow

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

The remote host has software installed that is affected by a buffer
overflow vulnerability.

Description :

The remote host has a version of Cisco AnyConnect 2.x or 3.x prior to
3.1(629). As such, when the VPNAPI COM module calls the ATL framework,
certain input data is not properly validated, which could allow a
buffer overflow. This error could lead to arbitrary code execution.

See also :

https://tools.cisco.com/bugsearch/bug/CSCuj58139
http://www.nessus.org/u?e4524ecb
https://tools.cisco.com/security/center/viewAlert.x?alertId=31606
http://www.nessus.org/u?577a8ca4

Solution :

Upgrade to Cisco AnyConnect Secure Mobility Client 3.0(629) or
later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 71464

Bugtraq ID: 63491

CVE ID: CVE-2013-5559
