CVE-2021-1258

Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability.

Una vulnerabilidad en el componente de actualización de Cisco AnyConnect Secure Mobility Client, podría permitir a un atacante local autenticado con pocos privilegios leer archivos arbitrarios en el sistema operativo (SO) subyacente de un dispositivo afectado. La vulnerabilidad es debido a restricciones de permisos de archivos insuficientes. Un atacante podría explotar esta vulnerabilidad mediante el envío de un comando diseñado desde la CLI local para la aplicación. Una explotación con éxito podría permitir al atacante leer archivos arbitrarios en el sistema operativo subyacente del dispositivo afectado. El atacante debería tener credenciales de usuario válidas para explotar esta vulnerabilidad.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-11-13 CVE Reserved
2021-01-13 CVE Published
2023-03-08 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls
CWE-269: Improper Privilege Management

CAPEC

References (2)

URL	Tag	Source
https://kc.mcafee.com/corporate/index?page=content&id=SB10382	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-fileread-PbHbgHMj	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mcafee Search vendor "Mcafee"	Agent Epolicy Orchestrator Extension Search vendor "Mcafee" for product "Agent Epolicy Orchestrator Extension"	< 5.7.6 Search vendor "Mcafee" for product "Agent Epolicy Orchestrator Extension" and version " < 5.7.6"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Cisco Search vendor "Cisco"		Anyconnect Secure Mobility Client Search vendor "Cisco" for product "Anyconnect Secure Mobility Client"				< 4.9.03047 Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version " < 4.9.03047"		linux_kernel		Affected
Cisco Search vendor "Cisco"		Anyconnect Secure Mobility Client Search vendor "Cisco" for product "Anyconnect Secure Mobility Client"				< 4.9.03047 Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version " < 4.9.03047"		macos		Affected
Cisco Search vendor "Cisco"		Anyconnect Secure Mobility Client Search vendor "Cisco" for product "Anyconnect Secure Mobility Client"				< 4.9.03049 Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version " < 4.9.03049"		windows		Affected