Privilege escalation vulnerability in Cisco AnyConnect secure mobility client - CVE-2021-40124Deprecated |
ID: oval:org.secpod.oval:def:81757 | Date: (C)2022-06-28 (M)2023-11-13 |
Class: VULNERABILITY | Family: windows |
The host is installed with Cisco AnyConnect Secure Mobility Client before 4.10.03104 is prone to a privilege escalation vulnerability. A flaw is present in the application, which is due to incorrect privilege assignment to scripts executed before user logon. Successful exploitation could allow the attacker to execute arbitrary code with SYSTEM privileges.
Platform: |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows 10 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |
Microsoft Windows 11 |
Product: |
Cisco AnyConnect Secure Mobility Client |