Cisco AnyConnect Secure Mobility Client 4.2.x < 4.2.5015.0 / 4.3.x < 4.3.2039.0 Privilege Escalation Vulnerability
Severity: High
Nessus Plugin ID 93382

Synopsis
A VPN application installed on the remote host is affected by a privilege escalation vulnerability.

Description
The version of Cisco AnyConnect Secure Mobility Client installed on the remote Windows host is 4.2.x prior to 4.2.5015.0 or 4.3.x prior to 4.3.2039.0. It is, therefore, affected by a privilege escalation vulnerability due to incomplete validation of path names and file names at installation time. A local attacker can exploit this, via a specially crafted INF file, to install and execute files on the underlying host with SYSTEM level privileges.

Solution
Upgrade to Cisco AnyConnect Secure Mobility Client version 4.2.5015.0 / 4.3.2039.0 or later.