Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities
CVE-2021-1496

7HIGH

Key Information:

Vendor: Cisco
Status: Cisco Anyconnect Secure Mobility Client
Vendor: CVE Published:; 6 May 2021

Badges

👾 Exploit Exists

Summary

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory.

Affected Version(s)

Cisco AnyConnect Secure Mobility Client

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
May 6, 2021
Vulnerability Reserved
Nov 13, 2020