Cisco Anyconnect Secure Mobility Client For Windows 7

broken image


A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. Free vpn cisco client download. The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect. This is a maintenance release that includes the following features and enhancements, and that resolves the defects described in AnyConnect 4.7.01076. Support for management VPN tunnel in macOS—(Requires ASDM 7.10.1) Ensures connectivity to the corporate network whenever the client system is powered up, not just when a VPN connection is established by the end user.

Current Description

Cisco anyconnect secure mobility client for windows 7 32-bit

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.


Analysis Description

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. Cisco anyconnect secure mobility client download ubuntu. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.

Severity

CVSS 3.x Severity and Metrics:
Anyconnect

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.


Analysis Description

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. Cisco anyconnect secure mobility client download ubuntu. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.

Severity

CVSS 3.x Severity and Metrics:
NIST:NVD
Vector:Cisco Systems, Inc.

Cisco Anyconnect Secure Mobility Client For Windows 7 64

Vector:NVD
Vector:HyperlinkResourcehttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-hijac-JrcTOQMCVendor Advisory

Cisco Anyconnect Secure Mobility Client Download Windows 7 Filehippo

Weakness Enumeration

CWE-IDCWE NameSource
CWE-347Improper Verification of Cryptographic SignatureCisco Systems, Inc.

Anyconnect Vpn Client Download Windows 10

Known Affected Software Configurations Switch to CPE 2.2

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.
 Cisco quick vpn client download.

Cisco Anyconnect Secure Mobility Client For Windows 7 Downloads

Change History

1 change records found show changes




broken image
PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save