Cisco AnyConnect Secure Mobility Client 4.0(2049) Unspecified Out-of-bounds Read Local DoS
Medium Log Correlation Engine Plugin ID 801957
SynopsisCisco AnyConnect Secure Mobility Client contains a vulnerability that could allow a local attacker to cause a denial of service condition.
DescriptionA vulnerability in the kernel extension for Mac OS X of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition.
The vulnerability is due to insufficient bounds checking. An attacker could exploit this vulnerability by crafting a piece of contiguous data in memory that is read by the client software. An exploit could allow the attacker to cause an OS X kernel panic.
SolutionIt has been reported that this issue has been fixed, although Cisco has not published any details. They have advised users seeking fixes to contact the normal support channels to do so.