SB2021061623 - Privilege escalation in Cisco AnyConnect Secure Mobility Client for Windows
Published: June 16, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Insecure DLL loading (CVE-ID: CVE-2021-1567)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user can place a specially crafted .dll file on system, if the VPN Posture (HostScan) Module is installed on the AnyConnect client, and execute arbitrary code with SYSTEM privileges.
The vulnerability affects Cisco AnyConnect Secure Mobility Client for Windows.
2) Uncontrolled Memory Allocation (CVE-ID: CVE-2021-1568)
The vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to uncontrolled memory allocation. A local user can crash the VPN Agent service when the affected application is launched.
Remediation
Install update from vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-pos-dll-ff8j6dFv
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx52084
- https://www.coresecurity.com/core-labs/advisories/cisco-anyconnect-posture-hostscan-security-service-bypass/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dos-hMhyDfb8
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx09155