CVE-2017-6788

Name of the Vulnerable Software and Affected Versions Cisco AnyConnect Secure Mobility Client Software version 98.89(40)

Description The issue is related to the WebLaunch functionality, which contains a flaw that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. This is due to insufficient input validation of some parameters passed to the WebLaunch function. An attacker could exploit this by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code.

Recommendations For version 98.89(40), consider disabling the WebLaunch functionality until a patch is available to prevent potential XSS attacks. Restrict access to the WebLaunch function to minimize the risk of exploitation. Avoid using parameters that are passed to the WebLaunch function in a way that could allow malicious code injection until the issue is resolved.