Details of VAR-202106-0634

ID

VAR-202106-0634

CVE

CVE-2021-1567

TITLE

Cisco AnyConnect Secure Mobility Client Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2021-012366

DESCRIPTION

A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for DLL files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. Cisco AnyConnect Secure Mobility Client Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco AnyConnect Secure Mobility Client for Windows is a secure mobile client based on Windows platform of Cisco, which can securely access networks and applications through any device

Trust: 2.25

sources: NVD: CVE-2021-1567 // JVNDB: JVNDB-2021-012366 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374621

AFFECTED PRODUCTS

vendor:	cisco	model:	anyconnect secure mobility client	scope:	lt	version:	4.10.01075	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco anyconnect secure mobility client	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco anyconnect secure mobility client	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-012366 // NVD: CVE-2021-1567

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1567
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1567
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1567
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-1298
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374621
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1567
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-374621
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1567
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1567
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1567
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374621 // JVNDB: JVNDB-2021-012366 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1298 // NVD: CVE-2021-1567 // NVD: CVE-2021-1567

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	CWE-367	Trust: 1.0
problemtype:	Uncontrolled search path elements (CWE-427) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-374621 // JVNDB: JVNDB-2021-012366 // NVD: CVE-2021-1567

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-1298

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	cisco-sa-anyconnect-pos-dll-ff8j6dFv	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-pos-dll-ff8j6dFv	Trust: 0.8
title:	Cisco AnyConnect Secure Mobility Client for Windows Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155077	Trust: 0.6

sources: JVNDB: JVNDB-2021-012366 // CNNVD: CNNVD-202106-1298

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1567	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-012366	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2144	Trust: 0.6
db:	CS-HELP	id:	SB2021061623	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-1298	Trust: 0.6
db:	VULHUB	id:	VHN-374621	Trust: 0.1

sources: VULHUB: VHN-374621 // JVNDB: JVNDB-2021-012366 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1298 // NVD: CVE-2021-1567

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-anyconnect-pos-dll-ff8j6dfv	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1567	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2144	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-anyconnect-secure-mobility-client-for-windows-executing-dll-code-via-vpn-posture-35707	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021061623	Trust: 0.6

sources: VULHUB: VHN-374621 // JVNDB: JVNDB-2021-012366 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1298 // NVD: CVE-2021-1567

SOURCES

db:	VULHUB	id:	VHN-374621
db:	JVNDB	id:	JVNDB-2021-012366
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-1298
db:	NVD	id:	CVE-2021-1567

LAST UPDATE DATE

2024-08-14T13:16:23.020000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374621	date:	2022-08-05T00:00:00
db:	JVNDB	id:	JVNDB-2021-012366	date:	2022-08-30T04:43:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-1298	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2021-1567	date:	2023-11-07T03:28:39.090

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374621	date:	2021-06-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-012366	date:	2022-08-30T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-1298	date:	2021-06-16T00:00:00
db:	NVD	id:	CVE-2021-1567	date:	2021-06-16T18:15:08.830