CVE-2021-34788

Name of the Vulnerable Software and Affected Versions Cisco AnyConnect Secure Mobility Client for Linux and Mac OS (affected versions not specified)

Description A vulnerability in the shared library loading mechanism could allow an authenticated, local attacker to perform a shared library hijacking attack if the VPN Posture (HostScan) Module is installed. This issue is due to a race condition in the signature verification process for shared library files. An attacker could exploit this by sending crafted interprocess communication (IPC) messages to the AnyConnect process, potentially allowing the execution of arbitrary code with root privileges. The attacker must have a valid account on the system to exploit this issue.

Recommendations To resolve this issue, update the Cisco AnyConnect Secure Mobility Client to a version that includes the fix for the shared library loading mechanism vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.