Cyber Resilience

CVE-2021-1240

Medium

Published: 13 January 2021

Published
13 January 2021
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
EPSS Score 0.0031 54.5th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-1240 is a medium-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Cisco Proximity. Its CVSS base score is 4.8 (Medium).

Operationally, ranked in the top 45.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability in the loading process of specific DLLs in Cisco Proximity Desktop for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker must have valid credentials on the Windows system.…

more

This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with the privileges of another user’s account.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
proximity
≤ 3.1.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References