Synopsis
Cisco AnyConnect Secure Mobility Client 4.1(8) contains a vulnerability that could allow an authenticated, local attacker to elevate privileges on a targeted account.
Description
A vulnerability in the code responsible for the self-updating feature of Cisco AnyConnect Secure Mobility Client for Linux and the Cisco AnyConnect Secure Mobility Client for Mac OS X could allow an authenticated, local attacker to execute an arbitrary executable file of its choosing with privileges equivalent to the Linux or Mac OS X root account.
The vulnerability is due to lack of checks in the code for the path and filename of the file being installed. An attacker could exploit this vulnerability by invoking this functionality with a crafted installation file. A successful exploit could allow the attacker to execute commands on the underlying Linux or Mac OS X host with privileges equivalent to the root account.
Solution
It has been reported that this issue has been fixed, although Cisco has not published any details. They have advised users seeking fixes to contact the normal support channels to do so.