Strike ID:
E12-4xa01
CVSS:
7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
1
Year:
2012

Description

This strike exploits a flaw in Ciscos AnyConnect software where a previous version of the software may be loaded which contains known vulnerabilities. Then an attacker may use vulnerabilities in that software for an attack. Since the attacker can control the file that is downloaded, any arbitrary file can be delivered.

CVE

OSVDB

72714