This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote host is affected by an arbitrary file manipulation
The Cisco AnyConnect Secure Mobility Client installed on the remote
host is version 2.x or 3.x prior to 3.1.13015.0 or 4.x prior to
4.2.1035.0. It is, therefore, affected by an arbitrary file
manipulation vulnerability due to missing source path validation in
interprocess communication (IPC) commands. A local attacker can
exploit this, via crafted IPC messages, to move arbitrary files with
elevated privileges, resulting in a loss of integrity and a denial of
See also :
Upgrade to Cisco AnyConnect Secure Mobility Client version
3.1.13015.0 / 4.2.1035.0 or later.
Risk factor :
Medium / CVSS Base Score : 6.6
CVSS Temporal Score : 6.3
Public Exploit Available : true