CVE-2021-1258
Description
A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability.
Risk Information
Base Score: 5.5 (MODERATE)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 0.045
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2014-3314, CVE-2021-1258 affect Cisco AnyConnect Secure Mobility Client For Windows 4.9.03047 | Windows |
| Vulnerabilities CVE-2021-1258, CVE-2024-20474 affect Cisco AnyConnect Secure Mobility Client For Windows 4.9.03047 | Windows |
| Vulnerabilities CVE-2021-1258, CVE-2024-20474 affect Any Connect (Microsoft Store) 4.9.03047 | Windows |
| Improper Privilege Management Vulnerability (CVE-2021-1258) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-338372 | Cisco AnyConnect Secure Mobility Client (4.10.08029) (Manual Upload Required) |