This script is Copyright (C) 2016 Tenable Network Security, Inc.
A VPN application installed on the remote host is affected by a
privilege escalation vulnerability.
The version of Cisco AnyConnect Secure Mobility Client installed on
the remote Windows host is 3.x or 4.x prior to 4.3.4019.0 or 4.4.x
prior to 22.214.171.124. It is, therefore, affected by a privilege
escalation vulnerability due to incorrect permissions of a system
directory at installation time. A local attacker can exploit this, by
creating a specially crafted interprocess communication (IPC) to the
virtual private network (VPN) agent process, to execute commands on
the host with elevated system level privileges.
See also :
Upgrade to Cisco AnyConnect Secure Mobility Client version 4.3.4019.0
/ 126.96.36.199 or later.
Risk factor :
High / CVSS Base Score : 7.2
CVSS Temporal Score : 5.3
Public Exploit Available : false