CVE-2021-1450

CWE-20Improper Input Validation4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 81.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Anyconnect Secure Mobility ClientCisco Anyconnect Secure Mobility Client
Timeline
PublishedFeb 24
Latest updateMay 24

Description

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending one or more crafted IPC messages to the AnyConnect p

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-6jcj-wgch-673v: A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacke2022-05-24
CVEList
Cisco AnyConnect Secure Mobility Client Denial of Service Vulnerability2021-02-24

📋Vendor Advisories

1
Cisco
Cisco AnyConnect Secure Mobility Client Denial of Service Vulnerability2021-02-24
CVE-2021-1450 (MEDIUM CVSS 5.5) | A vulnerability in the interprocess | cvebase.io