What is CVE-2021-1258?

CVE-2021-1258 is a medium-severity vulnerability in Cisco Anyconnect Secure Mobility Client, classified under CWE-264. CVSS score: 5.5/10. Published 2021-01-13.

How severe is CVE-2021-1258?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Vulnerability in Cisco Anyconnect Secure Mobility Client

CVE-2021-1258

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The…

EPSS: 0.000 (14.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Cisco Anyconnect Secure Mobility Client — versions n/a

Weakness classification (CWE)

CWE-264

References

20210113 Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability (vendor-advisory, x_refsource_CISCO)
kc.mcafee.com/corporate/index (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-1258?: CVE-2021-1258 is a medium-severity vulnerability in Cisco Anyconnect Secure Mobility Client, classified under CWE-264. CVSS score: 5.5/10. Published 2021-01-13.
How severe is CVE-2021-1258?: Medium severity. CVSS v3 base score is 5.5 out of 10.