Top

Keyloggers, spyware, and stealers dominate SMB malware detections

SBF likely off the hook for misplaced FTX funds after cops bust SIM swap ring

Carbanak malware returned in ransomware attacks

Read the clouds, reduce the cyber risk

Maximizing cybersecurity on a budget

image credit: Pixabay

Cisco Working on Patch for Code Execution Vulnerability in VPN Product

November 5, 2020

Via: Security Week

Category:

The Cisco AnyConnect Secure Mobility Client is designed to provide secure VPN access for remote workers.

According to the networking giant, the product is affected by a flaw, tracked as CVE-2020-3556, that can be exploited by a local, authenticated attacker to cause an AnyConnect user to execute a malicious script.

The vulnerability is related to the lack of authentication for the interprocess communication (IPC) listener. The Linux, Windows and macOS versions of the AnyConnect Secure Mobility Client are affected if both the Auto Update and Enable Scripting settings are enabled. The latter is disabled by default.

Read More on Security Week

Cisco Working on Patch for Code Execution Vulnerability in VPN Product

Latest Publications

The importance of the Vulnerability Operations Centre for cybersecurity

Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes

FIN7 targeted a large U.S. carmaker with phishing attacks

Cisco Working on Patch for Code Execution Vulnerability in VPN Product

Previous Article

Next Article

RELATED PUBLICATIONS

Trending

Tags

Latest Publications

The importance of the Vulnerability Operations Centre for cybersecurity

Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes

FIN7 targeted a large U.S. carmaker with phishing attacks