Vulnerabilities > Cisco > Anyconnect Secure Mobility Client > 4.1.06020

DATE CVE VULNERABILITY TITLE RISK
2021-10-06 CVE-2021-34788 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client.
local
high complexity
cisco CWE-367
7.0
7.0
2021-05-06 CVE-2021-1519 Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to overwrite VPN profiles on an affected device.
local
low complexity
cisco CWE-20
5.5
5.5
2017-06-08 CVE-2017-6638 Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account.
local
low complexity
cisco CWE-20
7.2
7.2
2017-02-09 CVE-2017-3813 Missing Authorization vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user.
local
low complexity
cisco CWE-862
7.2
7.2