CVE-2021-1519: Input Validation
First published: Thu May 06 2021(Updated: )
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to modify VPN profile files. To exploit this vulnerability, the attacker must have valid credentials on the affected system.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Anyconnect Secure Mobility Client | <4.10.00093 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco AnyConnect Secure Mobility Client vulnerability?
The vulnerability ID for this Cisco AnyConnect Secure Mobility Client vulnerability is CVE-2021-1519.
What is the severity of CVE-2021-1519?
The severity of CVE-2021-1519 is medium, with a severity value of 5.5.
How can an attacker exploit CVE-2021-1519?
An authenticated, local attacker can exploit CVE-2021-1519 by overwriting VPN profiles on an affected device.
Which software is affected by CVE-2021-1519?
Cisco AnyConnect Secure Mobility Client Software up to version 4.10.00093 is affected by CVE-2021-1519.
Is there a solution or fix available for CVE-2021-1519?
Yes, Cisco has provided a security advisory with mitigation details for CVE-2021-1519. Please refer to the reference link for more information.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- vendor/cisco
- canonical/cisco anyconnect secure mobility client