Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities

The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.

Details about the vulnerabilities are as follows.

Cisco AnyConnect Secure Mobility Client for Windows Uninstall Executable Hijacking Vulnerability

A vulnerability in the uninstall process of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform an executable hijacking attack on an affected device.

This vulnerability exists because a temporary file with insecure permissions is created during the uninstall process. An attacker could exploit this vulnerability by overwriting the temporary file before it is accessed for execution. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCvv43102, CSCvv60844
CVE ID(s): CVE-2021-1426
Security Impact Rating (SIR): High
CVSS Base Score: 7.0
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Cisco AnyConnect Secure Mobility Client for Windows Upgrade DLL Hijacking Vulnerabilities 

Two vulnerabilities in the upgrade process of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device.

These vulnerabilities exist because the application loads a DLL file from a user-writable directory. An attacker could exploit these vulnerabilities by copying a malicious DLL file to a specific directory. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Bug ID(s): CSCvw16996, CSCvw17005
CVE ID(s): CVE-2021-1427, CVE-2021-1428
Security Impact Rating (SIR): High
CVSS Base Score: 7.0
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Cisco AnyConnect Secure Mobility Client for Windows Upgrade Executable Hijacking Vulnerability 

A vulnerability in the install process of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform an executable hijacking attack on an affected device.

This vulnerability exists because a temporary file with insecure permissions is created during the upgrade process. An attacker could exploit this vulnerability by overwriting the temporary file before it is accessed for execution. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCvw18527
CVE ID(s): CVE-2021-1429
Security Impact Rating (SIR): High
CVSS Base Score: 7.0
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Cisco AnyConnect Secure Mobility Client for Windows Upgrade DLL Hijacking Vulnerability 

A vulnerability in the upgrade process of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device.

This vulnerability exists because a temporary file with insecure permissions is created during the upgrade process. An attacker could exploit this vulnerability by overwriting the temporary file before it is accessed for execution. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCvw18595
CVE ID(s): CVE-2021-1430
Security Impact Rating (SIR): High
CVSS Base Score: 7.0
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Cisco AnyConnect Secure Mobility Client for Windows Install Executable Hijacking Vulnerability

A vulnerability in the install process of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform an executable hijacking attack on an affected device.

This vulnerability exists because the application loads an executable file from a user-writable directory. An attacker could exploit this vulnerability by copying a malicious executable file to a specific directory, which would be executed when the application is installed or upgraded. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCvu77671
CVE ID(s): CVE-2021-1496
Security Impact Rating (SIR): High
CVSS Base Score: 7.0
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-36961 : SOLARWINDS ORION PLATFORM VERB SQL INJECTION

CVE-2022-36961 : SOLARWINDS ORION PLATFORM VERB SQL INJECTION

Description A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege

CVE-2022-42302 : VERITAS NETBACKUP UP TO 10.0 NBFSMCLIENT SERVICE SQL INJECTION

CVE-2022-42302 : VERITAS NETBACKUP UP TO 10.0 NBFSMCLIENT SERVICE SQL INJECTION

Description An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable

CVE-2022-39266 : ISOLATED-VM UP TO 4.3.6 API PROTECTION MECHANISM

CVE-2022-39266 : ISOLATED-VM UP TO 4.3.6 API PROTECTION MECHANISM

Description isolated-vm is a library for nodejs which gives the user access to v8’s Isolate interface. In versions 4.3.6 and