Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Cisco AnyConnect Posture (HostScan) Security Service CVE-2021-1366 Bypass

🗓️ 16 Jun 2021 00:00:00Reported by Core SecurityType 
coresecurity
 coresecurity👁 40 Views

Cisco AnyConnect Posture (HostScan) Security Service CVE-2021-1366 Bypass. Time-of-check Time-of-use (TOCTOU) Race Condition allows local privilege elevation and code execution in AnyConnect Posture. New version 4.10.01075 released by Cisco

Related
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for Uncontrolled Search Path Element in Cisco Anyconnect_Secure_Mobility_Client
8 Sep 202309:20
githubexploit
BDU FSTEC		The vulnerability of the process-interaction channel of the Cisco AnyConnect Secure Mobility Client cryptographic security tool for Windows allows a hacker to execute arbitrary code.
2 Mar 202100:00
bdu_fstec
BDU FSTEC		The vulnerability of the DLL loading mechanism used by Cisco AnyConnect Secure Mobility Client for Windows allows a malicious actor to execute arbitrary code with SYSTEM privileges.
18 Jun 202100:00
bdu_fstec
Circl		CVE-2021-1366
17 Feb 202120:49
circl
Cisco		Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability
17 Feb 202116:00
cisco
Cisco		Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability
16 Jun 202116:00
cisco
Tenable Nessus		Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability (cisco-sa-anyconnect-dll-hijac-JrcTOQMC)
18 Feb 202100:00
nessus
Tenable Nessus		Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability (cisco-sa-anyconnect-pos-dll-ff8j6dFv)
16 Jun 202100:00
nessus
CNNVD		Cisco Anyconnect Secure Mobility Client Code Issue Vulnerability
17 Feb 202100:00
cnnvd
CNNVD		Cisco AnyConnect Secure Mobility Client for Windows 代码问题漏洞
16 Jun 202100:00
cnnvd
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
16 Jun 2021 00:00Current
7.5High risk
Vulners AI Score7.5
CVSS 26.9
CVSS 3.17.8
EPSS0.01253
SSVC
ciscoanyconnecthostscansecurity servicecve-2021-1366bypasstoctourace conditionprivilege elevationcode executionupdate
40