Privilege escalation in Cisco Anyconnect Secure Mobility Client
CVE-2021-40124
A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incor…
EPSS: 0.000 (11.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Cisco Anyconnect Secure Mobility Client — versions n/a
Weakness classification (CWE)
References
- 20211103 Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability (vendor-advisory, x_refsource_CISCO)
Frequently asked questions
- What is CVE-2021-40124?
- CVE-2021-40124 is a medium-severity vulnerability in Cisco Anyconnect Secure Mobility Client, classified under Incorrect Privilege Assignment. CVSS score: 6.7/10. Published 2021-11-04.
- How severe is CVE-2021-40124?
- Medium severity. CVSS v3 base score is 6.7 out of 10.