CVE-2021-1366

CWE-347CWE-427CWE-4027 documents6 sources
Severity
7.8HIGH
EPSS
0.6%
top 29.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Anyconnect Secure Mobility ClientCisco Cisco Anyconnect Secure Mobility Client
Timeline
PublishedFeb 17
Latest updateMay 24

Description

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyCo

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-wf29-cxx3-f5h5: A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, l2022-05-24
CVEList
Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability2021-02-17

📋Vendor Advisories

1
Cisco
Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability2021-02-17

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet2021-11-22
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet2021-11-22
CVE-2021-1366 (HIGH CVSS 7.8) | A vulnerability in the interprocess | cvebase.io