CVE-2021-1496

Name of the Vulnerable Software and Affected Versions Cisco AnyConnect Secure Mobility Client for Windows (affected versions not specified)

Description The issue is related to multiple vulnerabilities in the install, uninstall, and upgrade processes of the software. These vulnerabilities could allow an authenticated, local attacker to hijack DLL or executable files used by the application, potentially executing arbitrary code on an affected device with SYSTEM privileges. The attacker must have valid credentials on the Windows system to exploit these vulnerabilities. Additionally, the vulnerability is associated with the creation of temporary files with insecure permissions during the installation process, which could also allow an attacker to execute arbitrary code with SYSTEM privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.