CVE-2021-40124: 
Cisco AnyConnect Secure Client vulnerability analysis and mitigation

CVE-2021-40124 is a privilege escalation vulnerability discovered in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows. The vulnerability was first published on November 3, 2021, and affects systems with specific NAM profile configurations. This security flaw received a CVSS base score of 6.7, indicating a medium severity level (Cisco Advisory).

The vulnerability stems from incorrect privilege assignment to scripts executed before user logon in the NAM module. It specifically affects systems with NAM profile configurations including 'Client Policy > Connection Settings > Before User Logon' and 'Client Policy > End-user Control > Specify a script or application to run when connected'. The vulnerability is tracked as CWE-266 (Incorrect Privilege Assignment) and has a CVSS score of 6.7 with the vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X (Cisco Advisory).

A successful exploitation of this vulnerability allows an authenticated, local attacker to execute arbitrary code with SYSTEM privileges on the affected device. This represents a significant elevation of privileges that could potentially give an attacker complete control over the affected system (Cisco Advisory).

Cisco has released software updates that address this vulnerability in version 4.10.03104 of the AnyConnect Secure Mobility Client. There are no workarounds available for this vulnerability, making the software update the only solution for affected systems (Cisco Advisory).

The vulnerability was responsibly disclosed by Jacob Griffith from Huntington National Bank (Cisco Advisory).