CVE-2021-1426: 
Cisco AnyConnect Secure Client vulnerability analysis and mitigation

A vulnerability (CVE-2021-1426) was discovered in the uninstall process of Cisco AnyConnect Secure Mobility Client for Windows. The vulnerability was first published on May 5, 2021, and affects versions earlier than 4.9.06037. This security flaw exists because a temporary file with insecure permissions is created during the uninstall process (Cisco Advisory).

The vulnerability is characterized by insecure file permissions during the uninstall process, which allows for executable hijacking attacks. It has been assigned a CVSS Base Score of 7.0 (High) with the vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is tracked under Cisco Bug IDs CSCvv43102 and CSCvv60844 (Cisco Advisory).

A successful exploitation of this vulnerability allows an authenticated, local attacker to execute arbitrary code on the affected device with SYSTEM privileges. This means an attacker could gain complete control over the system, potentially leading to unauthorized access, data theft, or system compromise (Cisco Advisory).

Cisco has released software updates that address this vulnerability in version 4.9.06037. There are no workarounds available for this vulnerability. Users are advised to upgrade to the fixed version. The software can be downloaded from the Cisco Software Center by navigating to Security > VPN and Endpoint Security Clients > Cisco VPN Clients > AnyConnect Secure Mobility Client > AnyConnect Secure Mobility Client v4.x (Cisco Advisory).

The vulnerability was discovered and reported by Can Huang and Xinhui Han at Wangxuan Institute of Computer Technology, Peking University, and Lasse Trolle Borup of Danish Cyber Defence (Cisco Advisory).