Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability (cisco-sa-anyconnect-dll-hijac-JrcTOQMC)

high Nessus Plugin ID 146581

Synopsis

The remote device is missing a vendor-supplied security patch (cisco-sa-anyconnect-dll-hijac-JrcTOQMC).

Description

The version of the tested product installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-anyconnect-dll-hijac-JrcTOQMC advisory.

- A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. (CVE-2021-1366)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvv64243.

See Also

http://www.nessus.org/u?8b2515a5

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv64243

Plugin Details

Severity: High

ID: 146581

File Name: cisco-sa-anyconnect-dll-hijac-JrcTOQMC.nasl

Version: 1.9

Type: local

Agent: windows

Family: Windows

Published: 2/18/2021

Updated: 1/18/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-1366

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:anyconnect_secure_mobility_client

Required KB Items: SMB/Registry/Enumerated, installed_sw/Cisco AnyConnect Secure Mobility Client

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/17/2021

Vulnerability Publication Date: 2/17/2021

Exploitable With

Core Impact

Reference Information

CVE: CVE-2021-1366

CWE: 347

CISCO-SA: cisco-sa-anyconnect-dll-hijac-JrcTOQMC

IAVA: 2021-A-0096-S

CISCO-BUG-ID: CSCvv64243