CVE-2021-1428: 
Cisco AnyConnect Secure Client vulnerability analysis and mitigation

A vulnerability in the upgrade process of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device. The vulnerability (CVE-2021-1428) was discovered by Lockheed Martin Red Team and disclosed on May 5, 2021. This vulnerability affects Cisco AnyConnect Secure Mobility Client for Windows versions earlier than 4.10.00093 (Cisco Advisory).

The vulnerability exists because the application loads a DLL file from a user-writable directory. The vulnerability has been assigned a CVSS Base Score of 7.0 (High) with the vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is tracked under Cisco Bug IDs CSCvw16996 and CSCvw17005 (Cisco Advisory).

A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. The vulnerability requires the attacker to have valid credentials on the Windows system (Cisco Advisory).

Cisco has released software updates that address this vulnerability in version 4.10.00093. There are no workarounds that address this vulnerability. Customers are advised to upgrade to an appropriate fixed software release (Cisco Advisory).