Mac OS X : Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.0(629) Multiple Vulnerabilities

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.

Synopsis :

The remote host has software installed that is affected by multiple

Description :

The remote host has a version of Cisco AnyConnect 2.x or 3.x prior to
3.0(629) and is, therefore, affected by the following vulnerabilities :

- When the client is obtained from the VPN headend using
a web browser, a helper application performs the
download and installation. This helper application does
not verify the authenticity of the downloaded installer,
which could allow an attacker to send malicious code to
the user instead. Note that 2.x versions prior to 2.5.3041
are affected by this vulnerability. (CVE-2011-2040)

- When the VPNAPI COM module calls the ATL framework,
certain input data are not properly validated. This
could allow a buffer overflow, which could lead to
arbitrary code execution. (CVE-2013-5559)

See also :

Solution :

Upgrade to Cisco AnyConnect Secure Mobility Client 3.0(629) or

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 71465

Bugtraq ID: 48081

CVE ID: CVE-2011-2040
