Due to a vulnerability reported in the Cisco AnyConnect client, also known as SSL VPN on campus, Information Services has updated the client package distributed via the SSL VPN system on connection, as well as the package available via the IS website at http://infotech.wsu.edu/security/services/sslVPN/sslclients.html.
Information Services will be implementing a push configuration on Wednesday, Oct. 3 during normal maintenance hours of 4-6 a.m. This will update the clients automatically upon connection to the SSL VPN.
SSL VPN (Secure Sockets Layer virtual private network) provides a secure communications mechanism for data and other information transmitted between an end user and the university. This update to Cisco AnyConnect/SSL VPN is important to anyone that accesses university email or other information from remote locations, or that may have the software installed even though not currently using it.
For those who do not connect to the SSL VPN regularly, IS strongly suggests you visit the IS website at http://infotech.wsu.edu/security/services/sslVPN/sslclients.html and update your AnyConnect/SSL VPN software manually. Under certain conditions, this vulnerability can be exploited without the user’s interaction or active use of the installed software.
For questions or assistance please contact your departmental IT support staff or the Help Desk at 509-335-4357 or helpdesk@wsu.edu.