Is there known malware, which exploits this vulnerability? The attacker should have authentication credentials and successfully authenticate on the system. This vulnerability can be exploited locally.
#CISCO ANYCONNECT SECURE MOBILITY CLIENT .DLL#
dll file and execute arbitrary code on victim's system. A local user can place a specially crafted. For the latest An圜onnect application support for Apple iOS or Android, refer to Apple app support or Google Play support. The vulnerability exists due to insufficient validation of resources that are loaded by the application at run time in the Network Access Manager and Web Security Agent components. Instead, please visit the Cisco An圜onnect Secure Mobility Client resource center. No matter what operating system you or your workplace uses, Cisco enables highly secure connectivity for every device. The vulnerability allows a local user to compromise vulnerable system. The Cisco An圜onnect Secure Mobility Client has raised the bar for end users who are looking for a secure network. This update automatically updates An圜onnect, including the VPN module. Cisco An圜onnect 4.9 MR3 will be released between Novemand November 5, 2020, for all customers across all production release tracks who have the An圜onnect Cloud auto-update feature enabled in settings.
CVSSv3.1: 6.8 ĬWE-ID: CWE-427 - Uncontrolled Search Path Element Cisco An圜onnect Secure Mobility Client - Version 4.9 MR3.