From bleepingcomputer.com
![Cisco fixes 6-month-old AnyConnect VPN zero-day with exploit code](https://www.bleepstatic.com/content/hl-images/2021/05/13/Cisco-headpic.jpg)
Cisco has fixed a six-month-old zero-day vulnerability found in the Cisco AnyConnect Secure Mobility Client VPN software, with publicly available proof-of-concept exploit code.
The company’s AnyConnect Secure Mobility Client allows working on corporate devices connected to a secure Virtual Private Network (VPN) through Secure Sockets Layer (SSL) and IPsec IKEv2 using VPN clients available for all major desktop and mobile platforms.
Cisco disclosed the zero-day bug tracked as CVE-2020-3556 in November 2020 without releasing security updates but provided mitigation measures to decrease the attack surface.