Cisco has disclosed a zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client software. The vulnerability was reported to Cisco by Gerbert Roitburd from Secure Mobile Networking Lab (TU Darmstadt) It affects all AnyConnect client versions for Windows, Linux, and macOS with vulnerable configurations. Mobile iOS and Android clients are not impacted by this vulnerability. There are no workarounds available to address the vulnerability, but it can be mitigated by disabling the Auto Update feature.
Source: https://www.bleepingcomputer.com/news/security/cisco-discloses-anyconnect-vpn-zero-day-exploit-code-available/