Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability

2012-06-20T17:16:52
ID CISCO-SA-20120620-CVE-2012-2496
Type cisco
Reporter Cisco
Modified 2012-07-14T12:08:49

Description

Cisco AnyConnect Secure Mobility Client contains an arbitrary code execution vulnerability. An unauthenticated, remote attacker could execute arbitrary code on systems that have received the 64-bit Java applet that performs the WebLaunch VPN downloader functionality for Cisco AnyConnect Secure Mobility Client. The attacker may supply vulnerable Java components for execution by an end-user. The affected Java component does not perform sufficient input validation and as a result could allow an attacker to deliver arbitrary code to an affected system and execute the code with the privileges of the user's web browser session. To exploit this vulnerability, an attacker must convince a user to visit a malicious web page and execute the vulnerable Java applet. The affected Java applets are not cryptographically signed by Cisco.

Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system.

The vulnerability is due to insufficient validation of user-supplied input that is received by the 64-bit Java applet that performs the WebLaunch VPN downloader functionality in the affected software. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious website. If successful, the attacker could have the ability to execute arbitrary code with the privileges of the user on the affected system.

Cisco has confirmed this vulnerability in a security advisory and software updates are available.

To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.

This alert contains CVSS scoring supplied by Cisco, the primary vendor of the affected product. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.