Mac OS X : Cisco AnyConnect Secure Mobility Client 3.0.x / 3.1.x Local Privilege Escalation

High Nessus Plugin ID 70259


The remote host has software installed that is vulnerable to privilege escalation attacks.


The remote host has a version of Cisco AnyConnect 3.0.x or 3.1.x. As such, it is vulnerable to a local privilege escalation attack caused by improper permissions on a library directory. This issue could allow a local attacker to execute arbitrary programs with elevated privileges.


The vendor has not released a patch. Consult the workaround provided by the vendor.

See Also

Plugin Details

Severity: High

ID: 70259

File Name: macosx_cisco_anyconnect_priv_esc.nasl

Version: $Revision: 1.2 $

Type: local

Agent: macosx

Published: 2013/10/01

Modified: 2017/05/16

Dependencies: 59822

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:anyconnect_secure_mobility_client

Required KB Items: MacOSX/Cisco_AnyConnect/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2013/09/19

Reference Information

CVE: CVE-2013-1130

BID: 62519

OSVDB: 97524