Vulnerability Information
Vulnerability Title
Cisco AnyConnect Secure Mobility Client for Linux and Mac OS with VPN Posture (HostScan) Module Shared Library Hijacking Vulnerability
Vulnerability Description
A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for shared library files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with root privileges. To exploit this vulnerability, the attacker must have a valid account on the system.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Time-of-check Time-of-use (TOCTOU) Race Condition
Vulnerability Title
Cisco Anyconnect Secure Mobility Client Race Condition Vulnerability
Vulnerability Description
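Cisco Anyconnect Secure Mobility Client is VPN client software for secure connections from Cisco, a United States company. Cisco AnyConnect Secure Mobility Client has a race condition vulnerability, which stems from a race condition in the signature verification process for shared library files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with root privileges. To exploit this vulnerability, the attack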
CVSS Information
N/A
Vulnerability Type
N/A