CVE-2021-1428

Name of the Vulnerable Software and Affected Versions Cisco AnyConnect Secure Mobility Client for Windows (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the install, uninstall, and upgrade processes of the software. These vulnerabilities could allow an authenticated, local attacker to hijack DLL or executable files used by the application, potentially executing arbitrary code on an affected device with SYSTEM privileges. The attacker must have valid credentials on the Windows system to exploit these vulnerabilities. The vulnerabilities are also related to the creation of DLL files with insecure permissions during the update process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.