
In addition to the arbitrary code execution vulnerability, there are other security concerns affecting the VPN endpoint client. VMware released patches in June 2012 to fix security issues in its virtualisation products such as ESX, ESXi, Workstation and Fusion.

The security flaw is documented in Cisco Bug ID CSCtw47523 (for registered users only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2012-2493.

Usually, during a WebLaunch initiation, any end-user system that visits a website which attempts to instantiate a downloader component will be prompted to install or upgrade Cisco AnyConnect Secure Mobility Client, the vendor explained.

But the vulnerability means an unauthenticated, remote attacker could execute arbitrary code on systems that have received the components that perform the WebLaunch functionality and supply vulnerable ActiveX or Java components for execution by an end user.

All affected versions of AnyConnect, regardless of how they were deployed onto end-user systems, are susceptible to exploitation, the vendor warned.

This web-deploy scenario can be initiated in two ways: standalone initiation and WebLaunch initiation. One way admins install AnyConnect is through web-deploy.

“Cisco AnyConnect Secure Mobility Client contains an arbitrary code execution vulnerability,” the vendor said in its advisory section.

VPN client – AnyConnect allows remote access and connects to Cisco products such as 5500 Series Adaptive Security Appliances (ASA) and devices that are running Cisco IOS Software.
