CVE-2021-1237

CWE-4276 documents5 sources
Severity
7.8HIGH
EPSS
0.1%
top 83.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Anyconnect Secure Mobility ClientCisco Cisco Anyconnect Secure Mobility Client
Timeline
PublishedJan 13
Latest updateMay 24

Description

A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by inserting a configur

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-656q-3mvc-v648: A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an2022-05-24
CVEList
Cisco AnyConnect Secure Mobility Client for Windows DLL Injection Vulnerability2021-01-13

📋Vendor Advisories

1
Cisco
Cisco AnyConnect Secure Mobility Client for Windows DLL Injection Vulnerability2021-01-14

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Information disclosure vulnerability in macOS SMB server2021-05-19
Talos
Vulnerability Spotlight: Information disclosure vulnerability in macOS SMB server2021-05-19
CVE-2021-1237 (HIGH CVSS 7.8) | A vulnerability in the Network Acce | cvebase.io