Medium
The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a symbolic link (symlink) to a target file on a specific path. A successful exploit could allow the attacker to corrupt the contents of the file. If the file is a critical systems file, the exploit could lead to a denial of service condition. To exploit this vulnerability, the attacker would need to have valid credentials on the system.
Denial of service
Cisco
Cisco AnyConnect Secure Mobility Client for Mac OS releases earlier than 4.9.00086
Refer to Cisco advisory for the list of affected products and upgraded patches.