Cisco advised customers to install patches for its AnyConnect Secure Mobility virtual private network (VPN) client in order to close remote hacking vulnerabilities. When under attack, the AnyConnect client could be deceived into enabling access to malicious sites. The vulnerability could also allow an attacker to execute remote code, using ActiveX or Java. In addition, the company warned of a software downgrade vulnerability that could enable an attacker to reduce the VPN client to an earlier version, enabling it to exploit previously patched vulnerabilities.
Separate versions that support Windows, Linux and Apple OS X were all affected, though Cisco’s versions for Android and the Cisco Cius platform were not perceived to be vulnerable to this particular attack.