Pcchillin

**Name of the Vulnerable Software and Affected Versions** Cisco AnyConnect Secure Mobility Client Software for Windows versions prior to 4.4.00243 and 4.3.05017 **Description** The issue is due to insufficient implementation of access controls in the Start Before Logon (SBL) module. An unauthenticated, local attacker could exploit this by opening Internet Explorer, allowing them to use the browser with SYSTEM user privileges. This could enable the execution of privileged commands on the targeted system. **Recommendations** For versions prior to 4.4.00243, update to version 4.4.00243 or later. For versions prior to 4.3.05017, update to version 4.3.05017 or later.