Mac OS X : Cisco AnyConnect Secure Mobility Client 3.x < 3.1.10010.0 / 4.x < 4.1.4011.0 Arbitrary File Write
Severity: Medium
Nessus Plugin ID: 85542
Synopsis
The remote host is affected by an arbitrary file write vulnerability.
Description
The Cisco AnyConnect Secure Mobility Client installed on the remote Mac OS X host is version 3.x prior to 3.1.10010.0 or 4.x prior to 4.1.4011.0. It is, therefore, affected by a flaw due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this issue, by convincing a user to connect to a malicious head-end system, to traverse outside a restricted path and thus write or overwrite arbitrary files in the active user's context.
Solution
Upgrade to Cisco AnyConnect Secure Mobility Client version 3.1.10010.0 / 4.1.4011.0 or later.
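
For triaging a software inventory against the version ranges above, the following is an added example (not the Nessus plugin's code). The host names and inventory rows are constructed, and the function names are hypothetical. Components are compared numerically, so zero-padded build numbers are handled correctly where a string comparison would misorder them.

```python
import re

# First fixed release per affected branch, taken from the advisory text above.
FIXED = {3: (3, 1, 10010, 0), 4: (4, 1, 4011, 0)}

def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if it is not dotted-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        return None
    parts = [int(p) for p in text.split(".")]  # int() drops zero padding
    return tuple(parts + [0] * (4 - len(parts)))

def classify(version_text):
    """Classify one client version against the 3.x and 4.x ranges in the advisory."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"      # needs manual review, never assume fixed
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "out-of-scope"     # branch not covered by this advisory
    return "vulnerable" if version < fixed else "fixed"

def triage(inventory):
    """Group (host, version) rows by classification; host lists are sorted."""
    report = {}
    for host, version_text in inventory:
        report.setdefault(classify(version_text), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}

# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = [
    ("mac-001", "3.1.05160"),   # 5160 < 10010 numerically
    ("mac-002", "3.1.10010"),
    ("mac-003", "4.1.02011"),
    ("mac-004", "4.1.04011"),
    ("mac-005", "4.0.00061"),
    ("mac-006", "n/a"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```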