Cisco issued warnings about multiple security vulnerabilities in its next-generation VPN client that an attacker can exploit to inject and execute malicious code, and about a denial of service (DoS) hole in a series of security appliances.
One warning covers multiple security vulnerabilities in Cisco’s next-generation VPN client. Affected products include the AnyConnect Secure Mobility Client, along with Cisco Secure Desktop HostScan for Windows, Mac OS X and Linux. Details on these, including which versions are vulnerable, workarounds and patch information, are in the advisory.
In a separate advisory, Cisco said it addressed a DoS vulnerability in its ASA 5500 Series Adaptive Security Appliances (ASA) and Catalyst 6500 Series ASA Services Module (ASASM) that could have allowed a remote, unauthenticated attacker to trigger a restart on an affected device.
Additionally, the company closed a hole in its Cisco Application Control Engine (ACE) software: When running in multicontext mode, users could inadvertently log into an unintended context as the administrator, allowing them to view and change configurations.