Cisco Anyconnect Secure Mobility Client Desktop App

Cisco AnyConnect Secure Mobility Client 4.7 has been released and is available for download. If you have installed an earlier version of the software, it should automatically upgrade to the latest version. Consequently, Cisco Anyconnect VPN Client is installed in your Windows and it will be available in the Start menu. Follow the below instructions to use Cisco Anyconnect VPN Client on Windows 10 – Open the Start menu and Select Cisco AnyConnect Secure Mobility Client from the list view to launch.

  • A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.

    The vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious request to the application. A successful exploit could allow the attacker to cause a DoS condition on the affected system.

    There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-anyconnect-dos
  • Vulnerable Products

    This vulnerability affects Cisco AnyConnect Secure Mobility Client for Windows Desktop. For information about affected software releases, consult the Cisco bug ID(s) at the top of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following products:

    • AnyConnect Secure Mobility Client for MacOS or for Linux.
    • AnyConnect Secure Mobility Client for mobile device operating systems such as iOS, Android, and Windows Phone.
Desktop

Cisco Anyconnect Secure Mobility Client Desktop App Download

  • There are no workarounds that address this vulnerability.

  • For information about fixed software releases, consult the Cisco bug ID(s) at the top of this advisory.

    When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Cisco Anyconnect Secure Mobility Client Desktop App Login

  • This vulnerability was discovered by Cesar Cerrudo, Ilja van Sprundel, and Enrique Nissim from IOActive.

    Cisco would like to thank Gert Doering at OpenVPN for reporting this vulnerability.