The Latest in IT Security

Cisco Working on Patch for Code Execution Vulnerability in VPN Product

05
Nov
2020
Cisco Working on Patch for Code Execution Vulnerability in VPN Product

image credit: pixabay

The Cisco AnyConnect Secure Mobility Client is designed to provide secure VPN access for remote workers.

According to the networking giant, the product is affected by a flaw, tracked as CVE-2020-3556, that can be exploited by a local, authenticated attacker to cause an AnyConnect user to execute a malicious script.

The vulnerability is related to the lack of authentication for the interprocess communication (IPC) listener. The Linux, Windows and macOS versions of the AnyConnect Secure Mobility Client are affected if both the Auto Update and Enable Scripting settings are enabled. The latter is disabled by default.

Read More

Comments are closed.

Categories

TUESDAY, APRIL 20, 2021
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments