Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(3103) Host Scan Multiple Vulnerabilities
Medium Nessus Plugin ID 66023
SynopsisThe remote host has software installed that is potentially affected by multiple vulnerabilities.
DescriptionThe remote host has a version of Cisco AnyConnect 2.x or 3.x prior to 3.1(3103). It is, therefore, potentially affected by the following vulnerabilities :
- A heap-based buffer overflow error exists in the file 'ciscod.exe'. (CVE-2013-1173 / CSCud14143)
- An unspecified error exists that could allow local privilege escalation attacks.
(CVE-2013-1172 / CSCud14153)
Note that these issues affect only hosts with the 'Host Scan' component deployed.
SolutionUpgrade to Cisco AnyConnect Secure Mobility Client 3.1(3103) or later.