CVE-2021-1427: 
Cisco AnyConnect Secure Client vulnerability analysis and mitigation

CVE-2021-1427 is a DLL hijacking vulnerability affecting the upgrade process of Cisco AnyConnect Secure Mobility Client for Windows. The vulnerability was disclosed on May 5, 2021, and affects versions earlier than 4.9.06037 of the software (Cisco Advisory).

The vulnerability exists because the application loads a DLL file from a user-writable directory during the upgrade process. The vulnerability has been assigned a CVSS Base Score of 7.0 (High) with the vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access required with high complexity (Cisco Advisory).

A successful exploit could allow an authenticated, local attacker to execute arbitrary code on the affected device with SYSTEM privileges. The attacker must have valid credentials on the Windows system to exploit this vulnerability (Cisco Advisory).

Cisco has released software updates that address this vulnerability in version 4.9.06037. There are no workarounds available for this vulnerability. Customers are advised to upgrade to an appropriate fixed software release (Cisco Advisory).

The vulnerability was discovered and reported by Lockheed Martin Red Team and Antoine Goichot of PwC Luxembourg's Cybersecurity team (Cisco Advisory).