This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
A VPN application installed on the remote host is affected by a
privilege escalation vulnerability.
The version of Cisco AnyConnect Secure Mobility Client installed on
the remote Windows host is 4.2.x prior to 4.2.5015.0 or 4.3.x prior
to 4.3.2039.0. It is, therefore, affected by a privilege escalation
vulnerability due to incomplete validation of path names and file
names at installation time. A local attacker can exploit this, via a
specially crafted INF file, to install and execute files on the
underlying host with SYSTEM level privileges.
See also :
Upgrade to Cisco AnyConnect Secure Mobility Client version
4.2.5015.0 / 4.3.2039.0 or later.
Risk factor :
High / CVSS Base Score : 7.2
CVSS Temporal Score : 6.0
Public Exploit Available : true