This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
The remote host is affected by an arbitrary file write vulnerability.
The Cisco AnyConnect Secure Mobility Client installed on the remote
host is version 3.x prior to 3.1.10010.0 or 4.x prior to 4.1.4011.0.
It is, therefore, affected by a flaw due to improper sanitization of
user-supplied input. An unauthenticated, remote attacker can exploit
this issue, by convincing a user to connect to a malicious head-end
system, to traverse outside a restricted path and thus write or
overwrite arbitrary files in the active user's context.
See also :
Upgrade to Cisco AnyConnect Secure Mobility Client version
3.1.10010.0 / 4.1.4011.0 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true