Critical Security Update Available
AnyConnect VPN client - CVE-2024-20356 (High severity)
⚠️ A vulnerability in the web-based management interface of Cisco AnyConnect could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack and potentially execute arbitrary code on the client system.
Current version: 4.10.07073
Target version: 4.10.08025 Patch
CVSS Score: 8.8 (High)
File size: 87.3 MB
Automatic download will start in 5
Cisco Security Advisory · Immediate deployment recommended
What this update fixes:
- CVE-2024-20356: Stored XSS leading to session hijacking
- Buffer overflow in VPN tunnel negotiation process
- Improper certificate validation for hostscan
- Memory leak in DART logging component
- Patch for insecure library loading (DLL hijacking)