Security News > 2020 > November > Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched

Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
2020-11-05 15:16

Cisco has disclosed a zero-day vulnerability - for which there is not yet a patch - in the Windows, macOS and Linux versions of its AnyConnect Secure Mobility Client Software.

"Cisco plans to fix this vulnerability in a future release of Cisco AnyConnect Secure Mobility Client Software."

AnyConnect Secure Mobility Client, a modular endpoint software product, provides a wide range of security services for endpoints.

"In order to successfully exploit this vulnerability, there must be an ongoing AnyConnect session by the targeted user at the time of the attack," according to Cisco.

"An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener," according to Cisco.


News URL

https://threatpost.com/cisco-zero-day-anyconnect-secure-patch/160988/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751