Hello, welcome to the Thursday, November 5th, 2020 edition of the Sansonet Stormsanders Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Cisco today released a patch for the AnyConnect secure mobility client.

And I think this is a tricky vulnerability.

Really come up with a correct sort of severity rating and how quickly you should patch this.

The CVSS score is 7.3.

So again, you're not super critical.

And Cisco rates it as high.

Now, let me walk you through some of the pros and cons,

why this may or may not be a real important or critical vulnerability for you.

First of all, well, it is arbitrary code execution.

So that definitely puts it up there.

And it's due to the IPC listener not requiring any authentication. However, to exploit this vulnerability, the attacker has to have credentials

on the system for which the attacker would like to exploit the vulnerability on.

So that's a big if here.

And the victim needs to have an active mobility client connection going at the time of the attack.

And then there's this interesting requirement that you're only vulnerable if you have the

auto update feature enabled. So actually, this abling auto update is provided here as a mitigation

for the vulnerability. So in some ways, you can say, hey, if the user has auto update enabled,

then they'll get the new version of

the client, so the vulnerability will be taken care of.

...