‫ Cisco AnyConnect VPN Client Two Vulnerabilities

IRCAD2012062015
ID: IRCAD2012062015
Release Date: 2012-06-21
Criticality level: Highly critical
 
Software:
Cisco AnyConnect VPN Client 2.x
Cisco AnyConnect VPN Client 3.x
 
Description:
Two vulnerabilities have been reported in Cisco AnyConnect VPN Client, which can be exploited by malicious people to compromise a user's system.
1) An error within the VPN Downloader update mechanism does not properly authenticate the validity of downloaded executables and can be exploited to download and execute an arbitrary program.
2) An error within the 64-bit Java VPN Downloader update mechanism does not properly authenticate the validity of downloaded executables and can be exploited to download and execute an arbitrary program.
Please see the vendor's advisory for the list of affected versions.
 
Solution
Update to a fixed version.
 
References:
 
Secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 3 تیر 1391

امتیاز

امتیاز شما
تعداد امتیازها:0