Cisco AnyConnect Secure Mobility Client 2.x < 3.1.13015.0 / 4.x < 4.2.1035.0 Arbitrary File Manipulation
Medium Nessus Plugin ID 87894
Synopsis
The remote host is affected by an arbitrary file manipulation vulnerability.

Description
The Cisco AnyConnect Secure Mobility Client installed on the remote host is version 2.x or 3.x prior to 3.1.13015.0 or 4.x prior to 4.2.1035.0. It is, therefore, affected by an arbitrary file manipulation vulnerability due to missing source path validation in interprocess communication (IPC) commands. A local attacker can exploit this, via crafted IPC messages, to move arbitrary files with elevated privileges, resulting in a loss of integrity and a denial of service condition.

Solution
Upgrade to Cisco AnyConnect Secure Mobility Client version 3.1.13015.0 / 4.2.1035.0 or later.