Cisco AnyConnect Secure Mobility Client VPN Downgrade
Medium Nessus Plugin ID 59819
Synopsis
The remote host has software installed that is affected by a software downgrade vulnerability.
Description
The remote host has a version of Cisco AnyConnect < 2.5 MR6 / 3.0 MR8.
Such versions are potentially affected by a software downgrade vulnerability. The WebLaunch VPN downloader implementation does not compare the timestamp of the software offered for installation with that of the currently installed software, which may allow remote attackers to downgrade the software via ActiveX or Java components.
Solution
Upgrade to Cisco AnyConnect Secure Mobility Client 2.5 MR6 / 3.0 MR8 or greater.