cvedb.io
CVE-2021-40124
MEDIUM · CVSS 6.7
EPSS exploitation probability: 0%
Published 2021-11-04T16:15:09.503 · Last modified 2026-06-17T04:06:34.047

Summary

A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user logon. An attacker could exploit this vulnerability by configuring a script to be executed before logon. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges.

Affected products

cisco — anyconnect_secure_mobility_client

Does this affect you?

Add your gear to cvedb and we'll alert you only when cisco ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.