Cisco AnyConnect Secure Mobility Client < 3.1.10010.0 / 4.0.x < 4.0.4013.0 / 4.1.x < 4.1.4011.0 IPC File Write Vulnerability
Medium Nessus Plugin ID 85267
SynopsisThe remote host is affected by an arbitrary file write vulnerability.
DescriptionThe Cisco AnyConnect Secure Mobility Client installed on the remote host is a version prior to 3.1.10010.0, or is version 4.0.x prior to 4.0.4013.0, or version 4.1.x prior to 4.1.4011.0. It is, therefore, affected by a flaw that allows unauthenticated IPC commands to write files. A local, authenticated attacker, using a specially crafted IPC command, can write or overwrite arbitrary files.
SolutionUpgrade to Cisco AnyConnect Secure Mobility Client version 3.1.10010.0 / 4.0.4013.0 / 4.1.4011.0 or later