According to Cisco, the Mobility Client, formerly known as the Cisco AnyConnect VPN Client, is affected by an arbitrary program execution vulnerability and a local privilege escalation vulnerability.