Cisco AnyConnect Secure Mobility Client and Secure Desktop WebLaunch Software Downgrade Vulnerability

Cisco AnyConnect Secure Mobility Client and Secure Desktop contain a vulnerability that could allow an unauthenticated, remote attacker to replace software components on a targeted system.

The vulnerability exists because the affected software performs insufficient validation of user-supplied input. An unauthenticated, remote attacker could exploit the vulnerability by convincing the user to view a malicious website. If successful, the attacker could cause the affected software to be downgraded to a prior version.

Cisco has confirmed the vulnerability in a security advisory and released software updates.

To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.

The execution of the ActiveX control of java applet may require little or no user interaction, depending on the user’s browser configuration, because the affected ActiveX controls and Java applets are cryptographically signed by Cisco.

Cisco has corrected this vulnerability by changing the way the WebLaunch component initiation handles downloaded signed code.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.