{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T23:09:12.057","vulnerabilities":[{"cve":{"id":"CVE-2021-1258","sourceIdentifier":"psirt@cisco.com","published":"2021-01-13T22:15:21.287","lastModified":"2024-11-21T05:43:56.737","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability."},{"lang":"es","value":"Una vulnerabilidad en el componente de actualización de Cisco AnyConnect Secure Mobility Client, podría permitir a un atacante local autenticado con pocos privilegios leer archivos arbitrarios en el sistema operativo (SO) subyacente de un dispositivo afectado. La vulnerabilidad es debido a restricciones de permisos de archivos insuficientes. Un atacante podría explotar esta vulnerabilidad mediante el envío de un comando diseñado desde la CLI local para la aplicación. Una explotación con éxito podría permitir al atacante leer archivos arbitrarios en el sistema operativo subyacente del dispositivo afectado. El atacante debería tener credenciales de usuario válidas para explotar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-264"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:linux_kernel:*:*","versionEndExcluding":"4.9.03047","matchCriteriaId":"437D6FD7-BBD1-47AC-B1A1-553A3E4BBE23"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:macos:*:*","versionEndExcluding":"4.9.03047","matchCriteriaId":"C4D4811F-C38B-4BC2-BC57-5A55215370AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:windows:*:*","versionEndExcluding":"4.9.03049","matchCriteriaId":"3A2F752C-F227-4FFE-B5D5-A27179AC33D3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:agent_epolicy_orchestrator_extension:*:*:*:*:*:*:*:*","versionEndExcluding":"5.7.6","matchCriteriaId":"E1B3C345-1F99-4D64-9135-BAA5F5EE1812"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10382","source":"psirt@cisco.com","tags":["Third Party Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-fileread-PbHbgHMj","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10382","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-fileread-PbHbgHMj","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}