QID 375944
Date Published: 2021-10-07
QID 375944: Cisco AnyConnect Secure Mobility Client for Linux and Mac OS with Virtual Private Network (VPN) Posture (HostScan) Module Shared Library Hijacking Vulnerability (cisco-sa-anyconnect-lib-hija-cAFB7x4q)
A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS
could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the
VPN Posture (HostScan) Module is installed on the AnyConnect client.
Affected Products
Devices that are running a vulnerable release of Cisco AnyConnect Secure Mobility Client for
Linux and Mac OS if the VPN Posture (HostScan) Module is installed.
Versions prior to 4.10.03104
Note: This is a potential detection because the check cannot confirm whether the VPN Posture (HostScan) Module is installed.
QID Detection Logic (Authenticated):
This checks for a vulnerable version of the AnyConnect Mobility Client.
A successful exploit could allow the attacker to execute arbitrary code on the affected device with root privileges.
To exploit this vulnerability, the attacker must have a valid account on the system.
Customers are advised to refer to cisco-sa-anyconnect-lib-hija-cAFB7x4q for more information.
- cisco-sa-anyconnect-lib-hija-cAFB7x4q - tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-lib-hija-cAFB7x4q
CVEs related to QID 375944
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| cisco-sa-anyconnect-lib-hija-cAFB7x4q | | | |