How severe is CVE-2021-1567?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2021-1567?

This is classified as CWE-367, which is a common weakness in software security.

CVE-2021-1567

MEDIUM Year: 2021

CVSS v3 Score

6.7

Medium

CVSS v2 Score

6.2

Medium

Weakness Type

CWE-367

View all →

Vulnerability Description

A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for DLL files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system.

CVE-2020-0003

MEDIUM

CVSS:6.7(Medium)

In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional ex...

CWE-3672020

CVE-2020-8354

MEDIUM

CVSS:6.7(Medium)

A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.

CWE-3672020

CVE-2021-0897

MEDIUM

CVSS:6.7(Medium)

In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not need...

CWE-3672021

CVE-2022-20906

MEDIUM

CVSS:6.7(Medium)

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validati...

CWE-3672022