Cisco: CISCO-SA-20150728-CVE-2015-4290
Jul 28, 2015 - 10:05 p.m.

Cisco AnyConnect Secure Mobility Client Local Denial of Service Vulnerability

2015-07-28 22:05:49
tools.cisco.com
CVSS2: 4.9 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.0004 Low
Percentile: 5.1%

A vulnerability in the kernel extension for Mac OS X of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition.

The vulnerability is due to insufficient bounds checking. An attacker could exploit this vulnerability by crafting a piece of contiguous data in memory that is read by the client software. An exploit could allow the attacker to cause an OS X kernel panic.

Cisco has confirmed the vulnerability and released software updates.

To exploit this vulnerability, an attacker must authenticate and have local access to the targeted device. These access requirements may reduce the likelihood of a successful exploit.

Affected configurations

Vulners
Node
cisco anyconnect_secure_mobility_client Match any
OR
cisco anyconnect_secure_mobility_client Match any
