Freely subscribe to our NEWSLETTER

This bulletin was written by Vigil@nce : https://vigilance.fr/computer-vulnerability

SYNTHESIS OF THE VULNERABILITY

Impacted products: Cisco AnyConnect Secure Mobility Client.

Severity: 2/4.

Consequences: user access/rights.

Provenance: intranet server.

Confidence: confirmed by the editor (5/5).

Creation date: 17/02/2021.

DESCRIPTION OF THE VULNERABILITY

An attacker can create a malicious VPN Posture Module DLL, and
then put it in the current directory of Cisco AnyConnect Secure
Mobility Client for Windows, in order to execute code.

ACCESS TO THE FULL VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/Cisco-AnyConnect-Secure-Mobility-Client-for-Windows-executing-DLL-code-via-VPN-Posture-Module-34606