Cisco AnyConnect Secure Mobility Client 4.0(2049) OS X Kernel Extension Local DoS
medium Log Correlation Engine Plugin ID 801956
Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow a local attacker to cause a denial of service condition.
A vulnerability in the kernel extension for Mac OS X of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bounds checking. An attacker could exploit this vulnerability by crafting a piece of contiguous data in memory that is read by the client software. An exploit could allow the attacker to cause an OS X kernel panic.
It has been reported that this issue has been fixed, although Cisco has not published any details. They have advised users seeking fixes to contact the normal support channels to do so.