Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability
Vulnerability Description
A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for DLL files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Vulnerability Title
Cisco AnyConnect Secure Mobility Client for Windows 代码问题漏洞
Vulnerability Description
Cisco AnyConnect Secure Mobility Client for Windows是美国思科(Cisco)公司的一款基于Windows平台的可通过任何设备安全访问网络和应用的安全移动客户端。 Cisco AnyConnect Secure Mobility Client 在Windows上存在代码问题漏洞,该漏洞源于受影响设备上加载的DLL文件的签名验证过程中的竞争条件。如果AnyConnect客户端上安装了VPN Posture (HostScan)模块,则通过身份验证的本地攻击者可
CVSS Information
N/A
Vulnerability Type
N/A