A vulnerability in Cisco AnyConnect for Android and Mac OS X could allow an unauthenticated, remote attacker to force the rendering of an authentication form in the client.
The vulnerability is due to insufficient validation of the type of host to which AnyConnect establishes a connection. An attacker could exploit this issue by convincing a user to connect with AnyConnect to a malicious host. That host would then trick the user into sending valid credentials to the host. If successful, the attacker could discover login credentials for the user.
Cisco has confirmed the vulnerability in a security notice and has released updated software.
To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.
Cisco indicates through the CVSS score that proof-of-concept exploit code exists; however, the code is not known to be publicly available.