Vulnslist

find the latest Cisco vulnerabilities

Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities

cisco-sa-anyconnect-code-exec-jR3tWTA6 · High · Published · Updated

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-code-exec-jR3tWTA6

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

CVEsCVE-2021-1426, CVE-2021-1427, CVE-2021-1428, CVE-2021-1429, CVE-2021-1430, CVE-2021-1496
Cisco Bug IDsCSCvv60844, CSCvv43102, CSCvw16996, CSCvw17005, CSCvw18527, CSCvw18595, CSCvu77671
CVSS ScoreBase 7.0
Base 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco AnyConnect Secure Mobility Client, Cisco Secure Client

Related Products

Product CVE Evidence
Cisco Secure Client CVE-2021-1496 Cisco OpenVuln
Cisco Secure Client CVE-2021-1430 Cisco OpenVuln
Cisco Secure Client CVE-2021-1429 Cisco OpenVuln
Cisco Secure Client CVE-2021-1428 Cisco OpenVuln
Cisco Secure Client CVE-2021-1427 Cisco OpenVuln
Cisco Secure Client CVE-2021-1426 Cisco OpenVuln
Cisco AnyConnect Secure Mobility Client CVE-2021-1496 Cisco OpenVuln
Cisco AnyConnect Secure Mobility Client CVE-2021-1430 Cisco OpenVuln
Cisco AnyConnect Secure Mobility Client CVE-2021-1429 Cisco OpenVuln
Cisco AnyConnect Secure Mobility Client CVE-2021-1428 Cisco OpenVuln
Cisco AnyConnect Secure Mobility Client CVE-2021-1427 Cisco OpenVuln
Cisco AnyConnect Secure Mobility Client CVE-2021-1426 Cisco OpenVuln