Cisco AnyConnect Secure Mobility Client 4.0.x < 4.3.05017 / 4.4.x < 4.4.00243 SBL Module Privilege Escalation
Medium Nessus Plugin ID 97226
SynopsisA VPN application installed on the remote host is affected by a privilege escalation vulnerability.
DescriptionThe version of Cisco AnyConnect Secure Mobility Client installed on the remote Windows host is 4.0.x prior to 4.3.05017 or 4.4.x prior to 4.4.00243. It is, therefore, affected by a privilege escalation vulnerability in the Start Before Logon (SBL) module due to insufficient access controls. A local attacker can exploit this to open Internet Explorer with SYSTEM level privileges.
Note that the SBL module is not installed by default.
SolutionUpgrade to Cisco AnyConnect Secure Mobility Client version 4.3.05017 / 4.4.00243 or later. Alternatively, either remove the SBL module or set 'UseStartBeforeLogon' to false in the client profile XML file.