What is CVE-2021-1496?

CVE-2021-1496 is a high-severity vulnerability in Cisco Anyconnect Secure Mobility Client, classified under Creation of Temporary File With Insecure Permissions. CVSS score: 7.0/10. Published 2021-05-06.

How severe is CVE-2021-1496?

High severity. CVSS v3 base score is 7.0 out of 10.

Vulnerability in Cisco Anyconnect Secure Mobility Client

CVE-2021-1496

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the applicatio…

EPSS: 0.001 (34.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.0 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Anyconnect Secure Mobility Client — versions n/a

Weakness classification (CWE)

CWE-378 — Creation of Temporary File With Insecure Permissions

References

20210505 Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2021-1496?: CVE-2021-1496 is a high-severity vulnerability in Cisco Anyconnect Secure Mobility Client, classified under Creation of Temporary File With Insecure Permissions. CVSS score: 7.0/10. Published 2021-05-06.
How severe is CVE-2021-1496?: High severity. CVSS v3 base score is 7.0 out of 10.