How severe is CVE-2021-1258?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-1258?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2021-1258 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability.

Related Vulnerabilities

CVE-2014-2079

MEDIUM

CVSS:5.5(Medium)

X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba an...

CWE-2642014

CVE-2015-8621

MEDIUM

CVSS:5.5(Medium)

t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally.

CWE-2642015

CVE-2016-10187

MEDIUM

CVSS:5.5(Medium)

The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.

CWE-2642016

CVE-2016-2202

MEDIUM

CVSS:5.5(Medium)

The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restri...

CWE-2642016

CVE-2016-2457

MEDIUM

CVSS:5.5(Medium)

server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes ...

CWE-2642016

CVE-2016-2809

MEDIUM

CVSS:5.5(Medium)

The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution.

CWE-2642016