VDB

CVE-2021-1568

CVE-2021-1568 PUBLISHED CVSS 5.5 MEDIUM

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copying a crafted file to a specific folder on the system. A successful exploit could allow the attacker to crash the VPN Agent service when the affected application is launched, causing it to be unavailable to all users of the system. To exploit this vulnerability, the attacker must have valid credentials on a multiuser Windows system.

EPSS 0.07% · 20.4th percentile

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.07%
20.4th percentile

Affected Products

VendorProductVersions
CiscoCisco AnyConnect Secure Mobility Clientn/a
ciscoanyconnect_secure_mobility_client0

Exploit Intelligence

Timeline

  • Jun 16, 2021 CVE Published
  • Jun 17, 2021 EPSS Score
  • Aug 18, 2021 EPSS Score
  • Oct 17, 2021 EPSS Score
  • Dec 17, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Apr 17, 2022 EPSS Score
  • Jun 16, 2022 EPSS Score
  • Aug 17, 2022 EPSS Score
  • Oct 16, 2022 EPSS Score
  • Dec 16, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›