Vulnerability identifier: #VU54177

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-1567

CWE-ID: CWE-427

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Cisco AnyConnect Secure Mobility Client
Client/Desktop applications / Other client software

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user can place a specially crafted .dll file on system, if the VPN Posture (HostScan) Module is installed on the AnyConnect client, and execute arbitrary code with SYSTEM privileges.

The vulnerability affects Cisco AnyConnect Secure Mobility Client for Windows.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco AnyConnect Secure Mobility Client: 4.9.00086 - 4.10.00093

---

CPE

• cpe:2.3:a:cisco_systems:cisco_anyconnect_secure_mobility_client:4.9.03022:*:*:*:*:*:*:*

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-pos-dll-ff8j6dFv
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx52084
http://www.coresecurity.com/core-labs/advisories/cisco-anyconnect-posture-hostscan-security-service-bypass/

---

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?