Cisco Secure Client

9 matches found

added 2023/06/28 12:0 a.m. | 2692 views

CVE-2023-20178

CVE-2023-20178 affects Cisco AnyConnect Secure Mobility Client for Windows and Cisco Secure Client for Windows. The issue arises in the client update process after a VPN connection, where improper permissions on a temporary directory created during the update could allow a low-privileged, authent...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.05418

added 2024/05/06 6:31 p.m. | 353 views

CVE-2024-3661

CVE-2024-3661 – Summary: DHCP can inject routes via option 121 in the classless static route option, enabling an attacker on the same LAN to cause VPN traffic to leak onto the physical interface. This affects NetworkManager-based VPN setups where routes aren’t strictly bound to VPN interfaces. I...

CVSS: 7.6 | AI score: 7.3 | EPSS: 0.04063

added 2025/03/05 4:14 p.m. | 266 views

CVE-2025-20206

Cisco Secure Client for Windows is affected by an IPC channel vulnerability that could allow a local attacker with valid credentials to perform a DLL hijack and execute arbitrary code with SYSTEM privileges when the Secure Firewall Posture Engine (formerly HostScan) is installed. Root cause is in...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.00168

added 2024/03/06 4:30 p.m. | 193 views

CVE-2024-20337

Cisco Secure Client (formerly AnyConnect) is affected by CVE-2024-20337, a CRLF injection in the SAML authentication flow due to insufficient input validation. An unauthenticated, remote attacker could entice a user to click a crafted link during VPN session establishment, enabling script executi...

CVSS: 8.2 | AI score: 8.6 | EPSS: 0.29906

added 2024/03/06 4:29 p.m. | 158 views

CVE-2024-20338

Cisco Secure Client for Linux contains a privilege-escalation flaw in the ISE Posture (System Scan) module caused by an uncontrolled search path element. An authenticated, local attacker could place a malicious library in a targeted filesystem location and, after prompting an admin to restart a p...

CVSS: 7.3 | AI score: 7.6 | EPSS: 0.00888

added 2024/05/15 5:24 p.m. | 101 views

CVE-2024-20391

CVE-2024-20391 concerns the Cisco Secure Client’s Network Access Manager (NAM) module. The issue arises from a lack of authentication on a specific function, allowing an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM and execute arbitrary code ...

CVSS: 6.8 | AI score: 7.7 | EPSS: 0.00347

added 2023/11/22 5:10 p.m. | 75 views

CVE-2023-20240

Cisco Secure Client Software (formerly AnyConnect Secure Mobility Client) contains CVE-2023-20240: multiple DoS vulnerabilities caused by an out-of-bounds memory read. An authenticated, local attacker on a multi-user system can log in alongside another user, craft packets to a local port, and cra...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00197

added 2023/11/22 5:10 p.m. | 67 views

CVE-2023-20241

Cisco Secure Client Software (formerly AnyConnect) is affected by multiple DoS vulnerabilities due to an out-of-bounds memory read. An authenticated, local attacker who has credentials on a multi-user system can exploit this by logging in while another user is active, sending crafted packets to a...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00197

added 2024/10/23 5:49 p.m. | 67 views

CVE-2024-20474

CVE-2024-20474 is a Cisco Secure Client (formerly AnyConnect) vulnerability where the IKEv2 processing contains an integer underflow, allowing an unauthenticated remote attacker to crash the client and cause a DoS. A crafted IKEv2 packet can exploit the flaw on affected systems. Affected releases...

CVSS: 6.5 | AI score: 4.9 | EPSS: 0.00573