Cisco has fixed a zero-day vulnerability found in the Cisco AnyConnect Secure Mobility Client VPN software. The company disclosed the bug in November 2020 without releasing security updates but provided mitigation measures to decrease the attack surface. The vulnerability affects all Windows, Linux, and macOS client versions with vulnerable configurations; however, mobile iOS and Android clients are not impacted. There is no evidence of attackers exploiting it in the wild, but the vulnerability is not remotely exploitable, as it requires local credentials on the end-user device for the attacker to take action on the local system.
Source: https://www.bleepingcomputer.com/news/security/cisco-fixes-6-month-old-anyconnect-vpn-zero-day-with-exploit-code/