Short Name |
HTTP:STC:ACTIVEX:CISCO-VPN |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Cisco AnyConnect VPN Client ActiveX |
Release Date |
2011/06/07 |
Update Number |
1932 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to use unsafe ActiveX controls in Cisco AnyConnect VPN. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Cisco AnyConnect Secure Mobility Client is prone to a vulnerability that allows attackers to run an arbitrary executable. An attacker can exploit this issue by using social engineering techniques to coerce unsuspecting users to download and execute arbitrary applications. This issue is tracked by Cisco Bug IDs CSCsy00904 and CSCsy05934.