Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco AnyConnect Secure Mobility Client for Linux and Mac OS with VPN Posture (HostScan) Module Shared Library Hijacking Vulnerability
Vulnerability Description
A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for shared library files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with root privileges. To exploit this vulnerability, the attacker must have a valid account on the system.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Vulnerability Title
Cisco Anyconnect Secure Mobility Client 竞争条件问题漏洞
Vulnerability Description
Cisco Anyconnect Secure Mobility Client是美国思科(Cisco)公司的一款用于安全连接的VPN客户端软件。 Cisco AnyConnect Secure Mobility Client 存在竞争条件问题漏洞,该漏洞源于在受影响设备上加载的共享库文件的签名验证过程中存在竞争条件。攻击者可以通过向 AnyConnect 进程发送一系列精心设计的进程间通信 (IPC) 消息来利用此漏洞。成功的利用可能允许攻击者以root权限在受影响的设备上执行任意代码。要利用此漏洞,攻击
CVSS Information
N/A
Vulnerability Type
N/A