CVE-2021-40124
First published: Thu Nov 04 2021(Updated: )
A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user logon. An attacker could exploit this vulnerability by configuring a script to be executed before logon. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Anyconnect Secure Mobility Client | <4.10.03104 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-40124?
CVE-2021-40124 is a vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows that allows an authenticated, local attacker to escalate privileges on an affected device.
How does CVE-2021-40124 impact Cisco AnyConnect Secure Mobility Client?
CVE-2021-40124 allows an authenticated, local attacker to escalate privileges on a Windows device running Cisco AnyConnect Secure Mobility Client.
What is the severity of CVE-2021-40124?
CVE-2021-40124 has a severity rating of 7.8, which is considered high.
How can I fix CVE-2021-40124?
To fix CVE-2021-40124, you should update Cisco AnyConnect Secure Mobility Client for Windows to version 4.10.03104 or later.
Where can I find more information about CVE-2021-40124?
You can find more information about CVE-2021-40124 in the Cisco Security Advisory at the following link: [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-nam-priv-yCsRNUGT)
- collector/nvd-index
- vendor/cisco
- canonical/cisco anyconnect secure mobility client