5.5
CVE-2021-1258
- EPSS 0.05%
- Published 13.01.2021 22:15:21
- Last modified 21.11.2024 05:43:56
- Source psirt@cisco.com
A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Anyconnect Secure Mobility Client, SwPlatform linux_kernel, Version < 4.9.03047
Cisco ≫ Anyconnect Secure Mobility Client, SwPlatform macos, Version < 4.9.03047
Cisco ≫ Anyconnect Secure Mobility Client, SwPlatform windows, Version < 4.9.03049
Mcafee ≫ Agent Epolicy Orchestrator Extension Version < 5.7.6
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.05% | 0.127 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
nvd@nist.gov | 2.1 | 3.9 | 2.9 | AV:L/AC:L/Au:N/C:P/I:N/A:N |
psirt@cisco.com | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.