Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability
CVE-2021-1568

5.5MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Anyconnect Secure Mobility Client
Vendor: CVE Published:; 16 June 2021

Badges

👾 Exploit Exists

Summary

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copying a crafted file to a specific folder on the system. A successful exploit could allow the attacker to crash the VPN Agent service when the affected application is launched, causing it to be unavailable to all users of the system. To exploit this vulnerability, the attacker must have valid credentials on a multiuser Windows system.

Affected Version(s)

Cisco AnyConnect Secure Mobility Client

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
Jun 16, 2021
Vulnerability Reserved
Nov 13, 2020