Cisco AnyConnect Secure Mobility Client < 4.4.02034 Local Privilege Escalation
Medium Nessus Plugin ID 100790
SynopsisA VPN application installed on the remote host is affected by a privilege escalation vulnerability.
DescriptionThe version of Cisco AnyConnect Secure Mobility Client installed on the remote Windows host is prior to 4.4.02034. It is, therefore, affected by a local privilege escalation vulnerability due to improper validation of paths and filenames of dynamic-link library (DLL) files before they are loaded. A local attacker can exploit this, via a specially crafted DLL file, to escalate privileges and execute commands with SYSTEM level privileges.
SolutionUpgrade to Cisco AnyConnect Secure Mobility Client version 4.4.02034 or later.