CVE-2021-1430: 
Cisco AnyConnect Secure Client vulnerability analysis and mitigation

A vulnerability (CVE-2021-1430) was discovered in the upgrade process of Cisco AnyConnect Secure Mobility Client for Windows. The vulnerability was disclosed on May 5, 2021, affecting versions earlier than 4.9.06037 of the Cisco AnyConnect Secure Mobility Client for Windows (Cisco Advisory).

The vulnerability exists because a temporary file with insecure permissions is created during the upgrade process. This DLL hijacking vulnerability has been assigned a CVSS Base Score of 7.0 (High) with the vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is tracked as CWE-378 (Cisco Advisory).

A successful exploit could allow an authenticated, local attacker to execute arbitrary code on the affected device with SYSTEM privileges. The attacker must have valid credentials on the Windows system to exploit this vulnerability (Cisco Advisory).

Cisco has released software updates that address this vulnerability in version 4.9.06037. There are no workarounds available for this vulnerability. Customers are advised to upgrade to an appropriate fixed software release (Cisco Advisory).

The vulnerability was discovered and reported by the Lockheed Martin Red Team, demonstrating collaboration between security researchers and vendors in responsible vulnerability disclosure (Cisco Advisory).