CVE-2021-1496
Cisco AnyConnect Secure Client vulnerability analysis and mitigation

Overview

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. CVE-2021-1496 relates specifically to the install process, where the application loads an executable file from a user-writable directory. The vulnerability was discovered and disclosed in May 2021 and affects Cisco AnyConnect Secure Mobility Client for Windows versions earlier than 4.9.03022 (Cisco Advisory).

Technical details

The vulnerability exists because the application loads an executable file from a user-writable directory. The CVSS base score is 7.0 (High), with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-378 (Creation of Temporary File With Insecure Permissions). Exploitation requires valid credentials on the Windows system: the attacker copies a malicious executable file to a specific directory, and that file is executed when the application is installed or upgraded (Cisco Advisory).

Impact

A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. This means an attacker could potentially install programs, view, change, or delete data, or create new accounts with full user rights (Cisco Advisory).

Mitigation and workarounds

Cisco has released software updates that address this vulnerability in version 4.9.03022 and later. There are no workarounds available for this vulnerability. Organizations are advised to upgrade to a fixed software release. Customers without service contracts should contact Cisco TAC for upgrade assistance (Cisco Advisory).
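Since upgrading is the only remediation, the practical first step is finding which Windows endpoints still run a release earlier than 4.9.03022. The following is an added example, not part of the Cisco advisory or the original report: it triages a software-inventory export, comparing versions numerically because a plain string comparison would wrongly rank 4.10.x below 4.9.x. The hostnames, the CSV column names and the sample rows are constructed for illustration.

```python
import csv
import io

FIXED = (4, 9, 3022)  # first fixed release per the advisory: 4.9.03022
PRODUCT = "Cisco AnyConnect Secure Mobility Client"

# Constructed sample inventory (hypothetical hosts and export columns).
SAMPLE_INVENTORY = """host,os,product,version
ws-001,Windows,Cisco AnyConnect Secure Mobility Client,4.9.01095
ws-002,Windows,Cisco AnyConnect Secure Mobility Client,4.9.03022
ws-003,Windows,Cisco AnyConnect Secure Mobility Client,4.10.00093
ws-004,Windows,Cisco AnyConnect Secure Mobility Client,4.8
mac-001,macOS,Cisco AnyConnect Secure Mobility Client,4.9.01095
ws-005,Windows,Cisco AnyConnect Secure Mobility Client,unknown
ws-006,Windows,Some Other Product,1.0.0
"""

def parse_version(text):
    """Return (major, minor, build) as ints, or None if not parseable."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]  # int() drops the leading zeros in "03022"
    return tuple(nums + [0] * (3 - len(nums)))

def classify(os_name, product, version):
    """Classify one inventory row against the fixed release."""
    # The advisory covers only the Windows client.
    if product.strip() != PRODUCT or os_name.strip().lower() != "windows":
        return "not-applicable"
    parsed = parse_version(version)
    if parsed is None:
        return "review"  # unreadable version: check the host manually
    return "vulnerable" if parsed < FIXED else "fixed"

def triage(inventory_csv):
    """Map each host in the CSV export to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["os"], r["product"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "review" have a version string the script could not parse and should be checked by hand rather than assumed fixed.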

This report was generated using AI.
