- A vulnerability in the code responsible for the self-updating feature of Cisco AnyConnect Secure Mobility Client for Linux and the Cisco AnyConnect Secure Mobility Client for Mac OS X could allow an authenticated, local attacker to execute an arbitrary executable file of its choosing with privileges equivalent to the Linux or Mac OS X root account.
The vulnerability is due to lack of checks in the code for the path and filename of the file being installed. An attacker could exploit this vulnerability by invoking this functionality with a crafted installation file. A successful exploit could allow the attacker to execute commands on the underlying Linux or Mac OS X host with privileges equivalent to the root account.
Cisco has confirmed the vulnerability and software updates are available.
To exploit this vulnerability, an attacker must authenticate and have local access to the targeted device. These access requirements decrease the likelihood of a successful exploit.
This vulnerability can be exploited only on systems running on Linux and Mac OS platforms. Systems on Microsoft Windows platforms are not affected by this vulnerability.
Cisco indicates through the CVSS score that functional code exists; however, the code is not known to be publicly available.
This issue was reported to the Cisco PSIRT by Mr. Yorick Koster of Securify B.V. We would like to thank Mr. Koster and Securify B.V. for reporting this vulnerability to Cisco and working with us towards a coordinated disclosure.
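The description above attributes the flaw to missing checks on the path and filename of the file being installed. The following is an added, generic sketch of such checks for a root-privileged updater; it is not Cisco's code or its fix, and the directory layout, the allowlisted filename `vpn-update.sh` and all function names are hypothetical.

```python
import os
import stat
import tempfile

def check_install_request(path, trusted_dir, allowed_names, owner_uid=0):
    """Decide whether a privileged updater may run `path`. Returns (ok, reason)."""
    real_dir = os.path.realpath(trusted_dir)
    real = os.path.realpath(path)  # collapses symlinks and ".." components
    if os.path.dirname(real) != real_dir:
        return False, "path outside trusted directory"
    if os.path.basename(real) not in allowed_names:
        return False, "filename not allowlisted"
    try:
        st = os.lstat(real)
    except OSError:
        return False, "file missing"
    if not stat.S_ISREG(st.st_mode):
        return False, "not a regular file"
    if st.st_uid != owner_uid:
        return False, "unexpected owner"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False, "writable by group or others"
    # These checks are by path, so the file can still change before use; a real
    # updater should also work on an opened descriptor and verify a signature.
    return True, "ok"

def demo():
    """Constructed layout in a temp dir; the current user stands in for root."""
    base = tempfile.mkdtemp()
    trusted = os.path.join(base, "updates")  # hypothetical trusted directory
    staging = os.path.join(base, "staging")  # hypothetical user-writable area
    os.mkdir(trusted)
    os.mkdir(staging)
    for d, name in ((trusted, "vpn-update.sh"), (trusted, "other.sh"),
                    (staging, "vpn-update.sh")):
        p = os.path.join(d, name)
        with open(p, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(p, 0o755)
    os.symlink(os.path.join(staging, "vpn-update.sh"), os.path.join(trusted, "link.sh"))
    cases = {
        "good": os.path.join(trusted, "vpn-update.sh"),
        "traversal": os.path.join(trusted, "..", "staging", "vpn-update.sh"),
        "symlink": os.path.join(trusted, "link.sh"),
        "wrong_name": os.path.join(trusted, "other.sh"),
    }
    uid = os.getuid()
    return {k: check_install_request(p, trusted, {"vpn-update.sh"}, uid)
            for k, p in cases.items()}
```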
- Cisco has released bug ID CSCuv11947 for registered users, which contains additional details and an up-to-date list of affected product versions.
Vulnerable Products
At the time this alert was first published, Cisco AnyConnect Secure Mobility Client version 4.1(8) was vulnerable. Other versions of Cisco AnyConnect Secure Mobility Client may also be affected.
Products Confirmed Not Vulnerable
No other Cisco products are currently known to be affected by these vulnerabilities.
- Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to access local systems.
Administrators are advised to allow only privileged users to access administration or management systems.
Administrators are advised to monitor affected systems.
- Cisco customers with active contracts can obtain updates through the Software Center at the following link: Cisco. Cisco customers without contracts can obtain upgrades by contacting the Cisco Technical Assistance Center at 1-800-553-2447 or 1-408-526-7209 or via email at [email protected].
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.