Cisco AnyConnect Secure Mobility Client Software跨站脚本漏洞(CVE-2017-6788)
受影响系统:
Cisco AnyConnect Secure Mobility Client
描述:BUGTRAQ ID: 100364
CVE(CAN) ID: CVE-2017-6788
Cisco AnyConnect Secure Mobility Client是思科下一代VPN客户端。
Cisco AnyConnect Secure Mobility Client Software在WebLaunch功能存在安全漏洞,可使未经身份验证的远程攻击者对受影响软件执行跨站脚本攻击。
<*来源:Adam Willard
链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-caw
*>
建议:厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-20170816-caw)以及相应补丁:
cisco-sa-20170816-caw:Cisco AnyConnect WebLaunch Cross-Site Scripting Vulnerability
链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-caw