Detections
Analytics
Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities (cisco-sa-anyconnect-code-exec-jR3tWTA6)
high Nessus Plugin ID 149448
Language:
Synopsis
The remote device is missing a vendor-supplied security patchDescription
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvu77671, CSCvv43102, CSCvv60844, CSCvw16996, CSCvw17005, CSCvw18527, CSCvw18595See Also
http://www.nessus.org/u?7dd0d34b
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu77671
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv43102
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv60844
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw16996
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw17005
Plugin Details
Severity: High
ID: 149448
File Name: cisco-sa-anyconnect-code-exec-jR3tWTA6.nasl
Version: 1.4
Type: local
Agent: windows
Family: Windows
Published: 5/13/2021
Updated: 1/26/2022
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2021-1496
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:cisco:anyconnect_secure_mobility_client
Required KB Items: SMB/Registry/Enumerated, installed_sw/Cisco AnyConnect Secure Mobility Client
Exploit Ease: No known exploits are available
Patch Publication Date: 5/5/2021
Vulnerability Publication Date: 5/5/2021
Reference Information
CVE: CVE-2021-1426, CVE-2021-1427, CVE-2021-1428, CVE-2021-1429, CVE-2021-1430, CVE-2021-1496
CWE: 378
CISCO-SA: cisco-sa-anyconnect-code-exec-jR3tWTA6
IAVA: 2021-A-0239-S
CISCO-BUG-ID: CSCvu77671, CSCvv43102, CSCvv60844, CSCvw16996, CSCvw17005, CSCvw18527, CSCvw18595