Vulnerabilities > Cisco > Anyconnect Secure Mobility Client

DATE CVE VULNERABILITY TITLE RISK
2021-05-06 CVE-2021-1428 Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application.
local
low complexity
cisco CWE-427
7.8
2021-05-06 CVE-2021-1429 Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application.
local
low complexity
cisco CWE-427
7.8
2021-05-06 CVE-2021-1430 Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application.
local
low complexity
cisco CWE-427
7.8
2021-05-06 CVE-2021-1496 Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application.
local
low complexity
cisco CWE-427
7.8
2021-05-06 CVE-2021-1519 Unspecified vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to overwrite VPN profiles on an affected device.
local
low complexity
cisco
5.5
2021-02-24 CVE-2021-1450 Unspecified vulnerability in Cisco Anyconnect Secure Mobility Client 4.9(5086)
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device.
local
low complexity
cisco
5.5
2021-02-17 CVE-2021-1366 Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client.
local
low complexity
cisco CWE-427
7.8
2021-01-13 CVE-2021-1258 Improper Privilege Management vulnerability in multiple products
A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device.
local
low complexity
cisco mcafee CWE-269
5.5
2021-01-13 CVE-2021-1237 Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack.
local
low complexity
cisco CWE-427
7.8
2020-11-06 CVE-2020-3556 Unspecified vulnerability in Cisco Anyconnect Secure Mobility Client 4.9(3052)/98.145(86)
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script.
local
low complexity
cisco
7.3