CVE-2021-1568Memory Allocation with Excessive Size Value in Cisco Anyconnect Secure Mobility Client

CWE-789Memory Allocation with Excessive Size Value4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 79.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Anyconnect Secure Mobility ClientCisco Anyconnect Secure Mobility Client
Timeline
PublishedJun 16
Latest updateMay 24

Description

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copying a crafted file to a specific folder on the system. A successful exploit could allow the attacker to crash the VPN Agent service when the affected application is launched, causing it to be unavailable

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-v9xf-fr6m-f93p: A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS)2022-05-24
CVEList
Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability2021-06-16

📋Vendor Advisories

1
Cisco
Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability2021-06-16
CVE-2021-1568 — Cisco vulnerability | cvebase