A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability.
Metrics
Affected Vendors & Products
References
History
Tue, 12 Nov 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2021-01-13T21:17:42.801340Z
Updated: 2024-11-12T20:47:33.597Z
Reserved: 2020-11-13T00:00:00
Link: CVE-2021-1258
Vulnrichment
Updated: 2024-08-03T16:02:56.382Z
NVD
Status : Modified
Published: 2021-01-13T22:15:21.287
Modified: 2024-11-21T05:43:56.737
Link: CVE-2021-1258
Redhat
No data.