Cisco has confirmed vulnerablilty in Cisco AnyConnect secure mobility client, patch released

June 21, 2012 by News_desk
Filed under: Computer news, Computer Security

Late Wednesday Cisco released software updates for several versions of the Cisco AnyConnect line of VPN products, also covered under a second notice is the Cisco Application Control Engine appliance. A compromised system could allow an intruder to load malicious software on the system or access network resources that should be secure. The exploits are based on Active-X and Java code that can be embedded in web content.

If you are running any of the AnyConnect clients or Cisco ACE appliances be sure to update them because this is actively being used to gain access to systems. Below is a chart of affected clients courtesy of Cisco System:

Vulnerability	Platform	Affected Versions
Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerability	Microsoft Windows	2.x releases prior to 2.5 MR6
	Linux, Apple MacOS	2.x releases prior to 2.5 MR6 3.0.x releases prior to 3.0 MR8
Cisco AnyConnect Secure Mobility Client VPN Downloader Software Downgrade Vulnerability	Microsoft Windows	2.x releases prior to 2.5 MR6 3.0.x releases prior to 3.0 MR8
	Linux, Apple MacOS X	2.x releases prior to 2.5 MR6 3.0.x releases prior to 3.0 MR8
Cisco AnyConnect Secure Mobility Client and Cisco Secure Desktop HostScan Downloader Software Downgrade Vulnerability	Microsoft Windows	AnyConnect 3.0.x releases prior to 3.0 MR8 Cisco Secure Desktop releases prior to 3.6.6020
	Linux, Apple MacOS X	AnyConnect 3.0.x releases prior to 3.0 MR8 Cisco Secure Desktop releases prior to 3.6.6020
Cisco AnyConnect Secure Mobility Client 64-bit Java VPN Downloader Arbitrary Code Execution Vulnerability	Linux 64-bit	3.0.x releases prior to 3.0 MR7

Full details and patch information on the AnyConnect client issue can be found here:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
And the Cisco ACE appliance information can be found here:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace

Tags: ACE, AnyConnect, Cisco, malware, VPN

Comments

Tell me what you're thinking...

Name (required)

Email Address (required)

Website

Speak your mind

Notify me of follow-up comments by email.
Notify me of new posts by email.

Categories

Android OS

Apple IMac/Iphone/Ipad

Cell Phones

Computer news

Computer Security

Computer Tips & Techniques

Interesting Projects

Laptop Repair

Monitor Repair

Acer

Dell

Gateway

Hanns-G

LG Electronics

Mag-Innovision

Optiquest

Other Brands

Polaroid

Samsung

Viewsonic

Westinghouse

Xerox

PC Repair

Printer Repair

Brother

HP

Lexmark

Product Alerts

Product Reviews

Repair How-to's

Choosing the correct parts

Software updates

Special deals

Uncategorized

Useful Software Programs

Archives

2013

2012

2011

2010

2009

Links

Corporate Computer Parts store

Tech Support Forums

Video Library

Recent Posts

Seagate to exit 2.5″ magnetic drive production by 2014

Alert: Evernote site hacked – passwords stolen

ComboFix Anti-malware software compromised

Replacing a broken keyboard on the Dell Latitude D620 and D820 laptop

How to hide apps on Samsung Android 4.XX devices

Recent Comments

Christie Anand on LG L226WTQ-BF Monitor Repair
Christie Anand on LG L226WTQ-BF Monitor Repair
Natalie on How to install Adobe Flash on your Kindle Fire HD
Heather on Dell Optiplex 745 repair
Rob on Samsung Syncmaster 2053BW

Popular Posts

Samsung 214T,204T,226BW,225BW Repair

How to install Adobe Flash on your Kindle Fire HD

Capacitors

LG L196WTQ-BF LCD Monitor Repair

Corporate Computer

Cisco has confirmed vulnerablilty in Cisco AnyConnect secure mobility client, patch released

Share this:

Comments

Categories

Archives

Links

Recent Posts

Recent Comments

Popular Posts