CVE-2021-1568
MEDIUMCisco AnyConnect Secure Mobility Client < 4.10.01075 - Authenticated Denial of Service via Crafted File Copy
Title source: llmDescription
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copying a crafted file to a specific folder on the system. A successful exploit could allow the attacker to crash the VPN Agent service when the affected application is launched, causing it to be unavailable to all users of the system. To exploit this vulnerability, the attacker must have valid credentials on a multiuser Windows system.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dos-hMhyDfb8
Scores
CVSS v3
5.5
EPSS
0.0021
EPSS Percentile
10.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-789
Status
published
Products (1)
cisco/anyconnect_secure_mobility_client
< 4.10.01075
Published
Jun 16, 2021
Tracked Since
Feb 18, 2026