CVE-2021-1258

CWE-264CWE-269Improper Privilege Management4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 86.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Anyconnect Secure Mobility ClientMcafee Agent Epolicy Orchestrator ExtensionCisco Cisco Anyconnect Secure Mobility Client
Timeline
PublishedJan 13
Latest updateMay 24

Description

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the und

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

🔴Vulnerability Details

2
GHSA
GHSA-8f4f-mpwv-cr26: A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges t2022-05-24
CVEList
Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability2021-01-13

📋Vendor Advisories

1
Cisco
Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability2021-01-13
CVE-2021-1258 (MEDIUM CVSS 5.5) | A vulnerability in the upgrade comp | cvebase.io