Networking-Forums.com

Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability

<p>A vulnerability in the Network Access Manager (NAM) module of Cisco&nbsp;AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device.</p>
<p>This vulnerability is due to incorrect privilege assignment to scripts executed before user logon. An attacker could exploit this vulnerability by configuring a script to be executed before logon. A successful exploit could allow the attacker to execute arbitrary code with <em>SYSTEM</em> privileges.</p>
<p>Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-nam-priv-yCsRNUGT" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-nam-priv-yCsRNUGT</a></p>

     
         
Security Impact Rating:  Medium
   
   
       
CVE: CVE-2021-40124
Source: Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-nam-priv-yCsRNUGT?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20AnyConnect%20Secure%20Mobility%20Client%20for%20Windows%20with%20Network%20Access%20Manager%20Module%20Privilege%20Escalation%20Vulnerability&vs_k=1)