SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its version and configuration, the Cisco Adaptive Security Appliance (ASA) software running on the remote device is affected by an information disclosure vulnerability due to a failure to protect sensitive data during a Cisco AnyConnect client authentication attempt. An unauthenticated, remote attacker can exploit this, by attempting to authenticate to the Cisco ASA with AnyConnect, to disclose sensitive data, including the ASA software version
Note that the SSL VPN feature must be enabled for the device to be affected by this vulnerability.
SolutionUpgrade to the relevant fixed version referenced in Cisco bug ID CSCuo65775.