VDB

CVE-2021-40124

CVE-2021-40124 PUBLISHED CVSS 6.699999809265137 MEDIUM

A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user logon. An attacker could exploit this vulnerability by configuring a script to be executed before logon. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges.

EPSS 0.04% · 11.2th percentile

Risk Scores

CVSS 3.1
6.699999809265137
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.04%
11.2th percentile

Affected Products

VendorProductVersions
ciscoanyconnect_secure_mobility_client0
CiscoCisco AnyConnect Secure Mobility Clientn/a

Exploit Intelligence

Timeline

  • Nov 3, 2021 CVE Published
  • Nov 5, 2021 EPSS Score
  • Dec 31, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Apr 21, 2022 EPSS Score
  • Jun 16, 2022 EPSS Score
  • Aug 12, 2022 EPSS Score
  • Oct 6, 2022 EPSS Score
  • Dec 1, 2022 EPSS Score
  • Jan 26, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›