Thanks to Yorick Koster for publishing details. This is a proof of concept for a path traversal vulnerability in Cisco AnyConnect Secure Mobility Client. Tested with Windows 7 and Windows 10 and AnyConnect version 4.5.x and 4.6.x. For version 4.7.04x and 4.8.x you need to run anypoc_4.7.exe.
Copy the files from anyconnect.zip to C:\anyconnect\
-
search and download "anyconnect-win-4.6.03049-predeploy-k9.zip" from the internet
-
unzip anyconnect-win-4.6.03049-predeploy-k9.zip
-
download 7-zip_portable, https://portableapps.com/apps/utilities/7-zip_portable
-
extract anyconnect-win-4.6.03049-posture-predeploy-k9.msi with 7-zip_portable
-
copy cstub.exe to C:\anyconnect\
Run C:\anyconnect\anypoc.exe
or run C:\anyconnect\anypoc_4.7.exe for version 4.7.04x and above