Intrusion Prevention

Cisco.AnyConnect.VPN.Client.Software.Security.Bypass

Description

This indicates an attempt to exploit a Security Bypass vulnerability in the Cisco AnyConnect VPN client.
The vulnerability is due to a lack of validation when handling the vpndownloader.exe program. An attacker can exploit it by tricking an unsuspecting user into visiting a malicious webpage, which allows the attacker to downgrade the software to a previous version that is vulnerable to other exploits.

Affected Products

Cisco Systems AnyConnect Secure Mobility Client 2.x prior to 2.5.6005
Cisco Systems AnyConnect Secure Mobility Client 3.0.x prior to 3.0.08057
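
The version ranges above can be applied to a client inventory to find hosts that still need the upgrade. The following is an added example, not vendor or signature code; it assumes three-part version strings whose components compare numerically, and the host names and sample versions are constructed.

```python
import re

# Thresholds copied from the "Affected Products" list on this page.
# Assumption: version components compare numerically, so "08057" == 8057.
FIRST_UNAFFECTED = {
    (2,): (2, 5, 6005),      # 2.x prior to 2.5.6005
    (3, 0): (3, 0, 8057),    # 3.0.x prior to 3.0.08057
}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")


def parse_version(text):
    """Return (major, minor, build) as ints, or None if the string is malformed."""
    match = _VERSION_RE.match(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Map a reported client version to a triage label."""
    version = parse_version(text)
    if version is None:
        return "unparsed"          # needs a manual look, never assume safe
    for train, threshold in FIRST_UNAFFECTED.items():
        if version[:len(train)] == train:
            return "affected" if version < threshold else "not-affected"
    return "not-listed"            # release train this page says nothing about


def triage(inventory):
    """inventory: iterable of (host, version string) -> {host: label}."""
    return {host: classify(version) for host, version in inventory}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("ws-001", "2.5.3055"),
    ("ws-002", "2.5.6005"),
    ("ws-003", "3.0.5080"),
    ("ws-004", "3.0.08057"),
    ("ws-005", "3.1.00495"),
    ("ws-006", "unknown"),
]

if __name__ == "__main__":
    for host, label in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {label}")
```

Because the issue described here is a forced downgrade, a host whose label moves from "not-affected" back to "affected" between two inventory runs deserves investigation rather than a routine re-patch.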

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.
Security Bypass: Remote attackers can bypass security checking of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac

CVE References

CVE-2011-2039 CVE-2012-2494