This script is Copyright (C) 2017 Tenable Network Security, Inc.
A VPN application installed on the remote host is affected by a
privilege escalation vulnerability.
The version of Cisco AnyConnect Secure Mobility Client installed on
the remote Windows host is 4.0.x prior to 4.3.05017 or 4.4.x prior to
4.4.00243. It is, therefore, affected by a privilege escalation
vulnerability in the Start Before Logon (SBL) module due to
insufficient access controls. A local attacker can exploit this to
open Internet Explorer with SYSTEM level privileges.
Note that the SBL module is not installed by default.
See also :
Upgrade to Cisco AnyConnect Secure Mobility Client version 4.3.05017 /
4.4.00243 or later. Alternatively, either remove the SBL module or set
'UseStartBeforeLogon' to false in the client profile XML file.
Risk factor :
Medium / CVSS Base Score : 6.9
CVSS Temporal Score : 5.7
Public Exploit Available : true