CVE-2021-34788— Cisco AnyConnect Secure Mobility Client for Linux and Mac OS with VPN Posture (HostScan) Module Shared Library Hijacking Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-34788
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco AnyConnect Secure Mobility Client for Linux and Mac OS with VPN Posture (HostScan) Module Shared Library Hijacking Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for shared library files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with root privileges. To exploit this vulnerability, the attacker must have a valid account on the system.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Anyconnect Secure Mobility Client 竞争条件问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Anyconnect Secure Mobility Client是美国思科(Cisco)公司的一款用于安全连接的VPN客户端软件。 Cisco AnyConnect Secure Mobility Client 存在竞争条件问题漏洞,该漏洞源于在受影响设备上加载的共享库文件的签名验证过程中存在竞争条件。攻击者可以通过向 AnyConnect 进程发送一系列精心设计的进程间通信 (IPC) 消息来利用此漏洞。成功的利用可能允许攻击者以root权限在受影响的设备上执行任意代码。要利用此漏洞,攻击
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco AnyConnect Secure Mobility Client | n/a | - |
II. Public POCs for CVE-2021-34788
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-34788
请登录查看更多情报信息。
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-lib-hija-cAFB7x4qvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2021-34788
Same Patch Batch · Cisco · 2021-10-06 · 23 CVEs total
| CVE-2021-34710 | 8.8 HIGH | Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities |
| CVE-2021-34748 | 8.8 HIGH | Cisco Intersight Virtual Appliance Command Injection Vulnerability |
| CVE-2021-34735 | 8.8 HIGH | Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities |
| CVE-2021-34698 | 8.6 HIGH | Cisco Web Security Appliance Proxy Service Denial of Service Vulnerability |
| CVE-2021-1594 | 7.5 HIGH | Cisco Identity Services Engine Privilege Escalation Vulnerability |
| CVE-2021-34706 | 6.4 MEDIUM | Cisco Identity Services Engine XML External Entity Injection Vulnerability |
| CVE-2021-34742 | 6.1 MEDIUM | Cisco Vision Dynamic Signage Director Reflected Cross-Site Scripting Vulnerability |
| CVE-2021-1534 | 5.8 MEDIUM | Cisco Email Security Appliance URL Filtering Bypass Vulnerability |
| CVE-2021-34711 | 5.5 MEDIUM | Cisco IP Phone Software Arbitrary File Read Vulnerability |
| CVE-2021-34766 | 5.4 MEDIUM | Cisco Smart Software Manager Privilege Escalation Vulnerability |
| CVE-2021-34744 | 4.9 MEDIUM | Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities |
| CVE-2021-34757 | 4.9 MEDIUM | Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities |
| CVE-2021-34772 | 4.7 MEDIUM | Cisco Orbital Open Redirect Vulnerability |
| CVE-2021-34758 | 4.4 MEDIUM | Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerabi |
| CVE-2021-34775 | 4.3 MEDIUM | Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabiliti |
| CVE-2021-34776 | 4.3 MEDIUM | Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabiliti |
| CVE-2021-34777 | 4.3 MEDIUM | Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabiliti |
| CVE-2021-34778 | 4.3 MEDIUM | Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabiliti |
| CVE-2021-34779 | 4.3 MEDIUM | Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabiliti |
| CVE-2021-34780 | 4.3 MEDIUM | Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabiliti |
Showing top 20 of 23 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Cisco AnyConnect Secure Mobility Client
- CVE-2021-40124
Cisco AnyConnect Secure Mobility Client for Windows with Net - CVE-2021-1567
Cisco AnyConnect Secure Mobility Client for Windows with VPN - CVE-2021-1568
Cisco AnyConnect Secure Mobility Client for Windows Denial o - CVE-2021-1519
Cisco AnyConnect Secure Mobility Client Profile Modification - CVE-2021-1426
Cisco AnyConnect Secure Mobility Client for Windows DLL and
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-367
- CVE-2026-42344
FastGPT: DNS rebinding TOCTOU bypass in isInternalAddress al - CVE-2026-44694
n8n-MCP: Authenticated SSRF in n8n-mcp webhook and API clien - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2026-34354
Akamai Guardicore Platform Agent 安全漏洞 - CVE-2026-41002
VMware Spring Cloud Config 安全漏洞
V. Comments for CVE-2021-34788
No comments yet