Cisco has disclosed a zero-day vulnerability in the Windows, MacOS and Linux versions of its AnyConnect Secure Mobility Client Software. The flaw (CVE-2020-3556) is an arbitrary code execution vulnerability with a CVSS score of 7.3 out of 10, making it high severity. There are no workarounds that address this vulnerability, one mitigation is to disable the Auto Update and Enable Scripting features. The vulnerability exists in the interprocess communication (IPC) channel.
Source: https://threatpost.com/cisco-zero-day-anyconnect-secure-patch/160988/