A vulnerability in the upgrade process of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device.
This vulnerability exists because a temporary file with insecure permissions is created during the upgrade process. An attacker could exploit this vulnerability by overwriting the temporary file before it is accessed for execution. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.