Thursday 05 November 2020
The impact of this issue is critical. Please act as described below to rectify it.
Cisco AnyConnect Secure Mobility Client
What you need to know:
An arbitrary code execution vulnerability has been found in the Cisco AnyConnect Secure Mobility Client.
An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener.
Actions to be taken:
To verify the Bypass Downloader configuration on a VPN client system, open the AnyConnectLocalPolicy.xml file and look for the following line:
If Bypass Downloader is set to false, as in the preceding example, Bypass Downloader is disabled and the device is affected by this vulnerability. If Bypass Downloader is set to true, Bypass Downloader is enabled and the device is not affected by this vulnerability.
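One way to run this check on many clients, as an added example that is not Cisco's or this advisory's own code: it reads a policy file given on the command line and reports the Bypass Downloader state. The sample XML is constructed, the `BypassDownloader` element name and the namespace in the sample are taken from the setting as it appears in AnyConnectLocalPolicy.xml, and flagging a missing or unparseable setting for review is an assumption.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample policies for illustration (not copied from a real install).
SAMPLE_DISABLED = (
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    '<AnyConnectLocalPolicy xmlns="http://schemas.xmlsoap.org/encoding/">\n'
    "  <BypassDownloader>false</BypassDownloader>\n"
    "</AnyConnectLocalPolicy>\n"
)
SAMPLE_ENABLED = SAMPLE_DISABLED.replace(">false<", ">true<")
SAMPLE_MISSING = "<AnyConnectLocalPolicy/>"


def bypass_downloader_state(xml_data):
    """Return 'enabled', 'disabled', 'missing' or 'unparseable' for a policy document."""
    if isinstance(xml_data, str):
        xml_data = xml_data.encode("utf-8")
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError:
        return "unparseable"
    for elem in root.iter():
        # Match on the local name so a default xmlns on the root does not hide the element.
        if elem.tag.rsplit("}", 1)[-1] == "BypassDownloader":
            # Assumption: only the exact value "true" counts as enabled.
            return "enabled" if (elem.text or "").strip() == "true" else "disabled"
    return "missing"


def needs_review(state):
    """Per the advisory only 'true' is unaffected; flagging other states is an assumption."""
    return state != "enabled"


def main(paths):
    flagged = 0
    for path in paths:
        try:
            with open(path, "rb") as handle:
                state = bypass_downloader_state(handle.read())
        except OSError as exc:
            state = "unreadable (%s)" % exc.strerror
        flagged += needs_review(state)
        print("%s: BypassDownloader %s" % (path, state))
    return 1 if flagged else 0  # non-zero exit lets a fleet job flag the host


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Pass the full path to AnyConnectLocalPolicy.xml as the argument; the install location differs per operating system and is not listed in this advisory.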
What is the impact of not doing the action?
A local attacker could cause a targeted AnyConnect user to execute a malicious script.
The affected products are listed below:
- AnyConnect Secure Mobility Client for Linux
- AnyConnect Secure Mobility Client for macOS
- AnyConnect Secure Mobility Client for Windows