TeamHood 
Cisco AnyConnect Secure Mobility Client VPN software has a vulnerability CVE-2020-3556 who also has an available proof-of-concept exploit code, Now this particular vulnerability has been fixed by CISCO.
CISCO AnyConnect Secure Mobility Client allows users to corporate users to connect to the VPN through SSL and IPsec IKEv2 technologies. Anyconnect client is available for all major operating systems.
Although Cisco disclosed the zero-day bug (CVE-2020-3556) in November 2020 without releasing any security updates but provided mitigation measures to decrease the attack surface.
The Cisco Product Security Incident Response Team (PSIRT) said that for CVE-2020-355 proof-of-concept exploit code is available however there is no evidence of attackers exploiting it in the wild.
User needs to update Cisco AnyConnect Secure Mobility Client Software to the release version 4.10.00093 and later in order to patch the vulnerability.
These new versions also allows individuals to allow/disallow scripts.
Default configuration is not vulnerable to attacks
This high severity vulnerability was found in Cisco AnyConnect Client’s interprocess communication (IPC) channel, and it may allow authenticated and local attackers to execute malicious scripts via a targeted user.
CVE-2020-3556 affects all Windows, Linux, and macOS client versions with vulnerable configurations; however, mobile iOS and Android clients are not impacted.
“A vulnerable configuration requires both the Auto Update setting and Enable Scripting setting to be enabled,” Cisco mentioned in the security advisory. “Auto Update is enabled by default, and Enable Scripting is disabled by default.”
Mitigation Steps
Users who are not able to update the clients can mitigate this vulnerability by toggling off the Auto Update feature.
The attack surface can also be reduced by disabling the Enable Scripting configuration setting on devices where it’s enabled.
