Cisco AnyConnect Secure Mobility Client < 3.1(6068) XSS

Medium severity, Nessus Plugin ID 81671


The remote host is affected by a cross-site scripting vulnerability.


The remote host has a version of Cisco AnyConnect installed that is prior to version 3.1.6073.0. It is, therefore, affected by a cross-site scripting vulnerability due to improper validation of user-supplied input when building a path for an applet in a Document Object Model. An attacker can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.


Upgrade to Cisco AnyConnect Secure Mobility Client 3.1(6068) or later.

Plugin Details

Severity: Medium

ID: 81671

File Name: cisco_anyconnect_3_1_6068.nasl

Version: $Revision: 1.1 $

Type: local

Agent: windows

Family: Windows

Published: 2015/03/06

Modified: 2015/03/06

Dependencies: 54953

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:anyconnect_secure_mobility_client

Required KB Items: installed_sw/Cisco AnyConnect Secure Mobility Client, SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/02/02

Vulnerability Publication Date: 2015/02/02

Reference Information

CVE: CVE-2014-8021

BID: 72475

OSVDB: 117894

CISCO-BUG-ID: CSCuq80149, CSCup82990