Cisco Fixes Vulnerabilities in VPN Client, Security Appliances
Networking equipment vendor Cisco Systems released multiple security updates on Wednesday to address vulnerabilities in its AnyConnect Secure Mobility Client, ASA 5500 Series Adaptive Security Appliances, Cisco Catalyst 6500 Series ASA Services Module and Cisco Application Control Engine (ACE) software.
The newly released versions of Cisco AnyConnect Secure Mobility Client -- Cisco's VPN and remote access product for businesses -- address four vulnerabilities located in the software's Web-based downloader components.
AnyConnect Secure Mobility Client updates can be distributed in several ways, one of which involves accessing a website that loads special ActiveX or Java-based downloader components. This is known as a WebLaunch-initiated deployment.
"During a malicious attack, any website that hosted a copy of the vulnerable component could masquerade as a trustworthy site and attempt to convince the user to instantiate the vulnerable component," Cisco explained in a security advisory published on Wednesday.