CMU AnyConnect



At Carnegie Mellon University, Cisco AnyConnect is the VPN client available for connecting to Carnegie Mellon’s VPNs. There are two primary VPNs available at CMU: General Use Campus VPN - This split tunnel VPN encrypts only the network traffic going to campus IP addresses.

At CMU, there are a number of small computer labs in various campus buildings and residence halls, as well as two large public labs available for general use (one located at the north end of campus and one located at the south end). These computer labs offer over 150 computers, including both Windows and Mac-based workstations, as well as scanners, high-capacity laser printers, and color printers.

Before you buy, visit our software catalog! Many titles like Microsoft Office, thinkcell and Autodesk are available for download, at no cost. Or, use Virtual Andrew to access a Windows computer with a variety of academic software titles.

Through the CONNECT Cellular Program, CMU students receive a 10-15% monthly discount on service through CMU cellular providers. As an added bonus, there are no service or activation fees. CONNECT Cellular Services offers discounts of 10% to 15% off standard pricing and no activation fees. CMU students can keep this discount after graduation. Cellular Services resale program for AT&T, Sprint, and Verizon at Central Michigan University.


A few years ago, I published a blog entry called "Signed Java Applet Security: Worse than ActiveX?" In that entry, I explained the problems that arise when a vulnerability is discovered in a signed Java applet. Let's see how the Cisco AnyConnect vulnerability is affected.

US-CERT Vulnerability Note VU#490097 describes a vulnerability in the Cisco AnyConnect ActiveX and Java clients that allows an attacker to download and execute arbitrary code. The vulnerability note indicates that Cisco has addressed this vulnerability, but what does that actually mean?

To exploit the ActiveX version of AnyConnect, an attacker could create a web page that hosts and uses the vulnerable version of the ActiveX control. Internet Explorer ActiveX users can 'immunize' themselves against the exploit by obtaining and installing the fixed version of the AnyConnect ActiveX. Once an updated version of an ActiveX control has been installed, Internet Explorer is designed to prevent the control from being downgraded.

While Internet Explorer uses the ActiveX version of AnyConnect, other browsers use the Java version. To exploit the Java version of AnyConnect, an attacker could create a web page that hosts and uses the vulnerable version of the signed Java archive. Java will use whichever Java applet is provided by the web server. Even if a user has installed the fixed version of the Java applet, that does not prevent exploitation of the vulnerable one. In other words, simply fixing the Java applet does nothing to protect end users from being exploited.

For the most part, this situation is due to a limitation of the Java runtime and how it handles signed Java applets. However, there has been one significant change since my original blog post on signed Java applet security. As of JRE 6u14, Java supports a blacklist feature. This feature can be used to disable known-vulnerable signed Java applets based on their Manifest hash. The Java blacklist feature is a step toward the protection that ActiveX kill bits give us. One problem with Java blacklists is that Oracle does not currently provide blacklist entries for third-party Java applets. Basically, Oracle is not providing an updated JRE version that disables the vulnerable Cisco AnyConnect Java applet versions.


For additional information about how to protect against the Cisco AnyConnect vulnerability, including setting Java blacklist entries for the vulnerable versions, see US-CERT Vulnerability Note VU#490097.
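The manifest-hash matching described above can be sketched as a defender-side check; this is an added example, not code from the original post, from Oracle, or from Cisco. The `SHA1-Digest-Manifest: <base64>` entry syntax is an assumption about the blacklist file, and the two JARs are constructed stand-ins, not AnyConnect files.

```python
import base64
import hashlib
import io
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"


def manifest_digest(jar_bytes):
    """Base64 SHA-1 of the JAR's manifest file, or None if there is none."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if name.upper() == MANIFEST:
                raw = hashlib.sha1(jar.read(name)).digest()
                return base64.b64encode(raw).decode("ascii")
    return None


def parse_blacklist(text):
    """Collect digests from 'SHA1-Digest-Manifest: <base64>' lines (assumed syntax)."""
    digests = set()
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key.strip() == "SHA1-Digest-Manifest":
            digests.add(value.strip())
    return digests


def is_blocked(jar_bytes, digests):
    """A JAR without a manifest cannot match any entry, so it is not blocked."""
    digest = manifest_digest(jar_bytes)
    return digest is not None and digest in digests


def build_jar(version):
    """Constructed stand-in for a signed applet JAR (not a real AnyConnect file)."""
    manifest = f"Manifest-Version: 1.0\r\nImplementation-Version: {version}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(MANIFEST, manifest)
        jar.writestr("Applet.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()


OLD_JAR = build_jar("constructed-old")      # plays the vulnerable release
FIXED_JAR = build_jar("constructed-fixed")  # plays the patched release
BLACKLIST = parse_blacklist(
    "# constructed entry\nSHA1-Digest-Manifest: " + manifest_digest(OLD_JAR) + "\n")

if __name__ == "__main__":
    for label, jar in (("old", OLD_JAR), ("fixed", FIXED_JAR)):
        print(label, manifest_digest(jar), "blocked" if is_blocked(jar, BLACKLIST) else "allowed")
```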

The Cisco AnyConnect VPN Client is desktop software that secures traffic between your computer and restricted campus services. With the Cisco AnyConnect VPN Client software running in the background, network traffic is automatically routed and encrypted using Datagram Transport Layer Security (DTLS) over SSL or Transport Layer Security (TLS).

Specifications

System Requirements

| Operating System | Version | Size | Updated |
|---|---|---|---|
| Windows 10, 8.1, 7 SP1 | 4.9.04053 | 15 MB | 12/17/20 |
| MacOS 10.14+ | 4.9.04053 | 42 MB | 12/17/20 |
| Linux (64-bit) | 4.9.04053 | 25 MB | 12/17/20 |
| Windows 10 for ARM64-based PCs | 4.9.04053 | 14 MB | 12/17/20 |