CVE-2018-0100

Name of the Vulnerable Software and Affected Versions: Cisco AnyConnect Secure Mobility Client (affected versions not specified)

Description: A vulnerability in the Profile Editor could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. This issue is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this by injecting a crafted XML file with malicious entries, allowing them to read and write files.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.