9 matches found
CVE-2023-20178
CVE-2023-20178 affects Cisco AnyConnect Secure Mobility Client for Windows and Cisco Secure Client for Windows. The issue arises in the client update process after a VPN connection, where improper permissions on a temporary directory created during the update could allow a low-privileged, authent...
CVE-2024-3661
CVE-2024-3661 – Summary: DHCP can inject routes via the classless static route option (option 121), enabling an attacker on the same LAN to cause VPN traffic to leak onto the physical interface. This affects NetworkManager-based VPN setups where routes aren’t strictly bound to VPN interfaces. I...
CVE-2025-20206
Cisco Secure Client for Windows is affected by an IPC channel vulnerability that could allow a local attacker with valid credentials to perform a DLL hijack and execute arbitrary code with SYSTEM privileges when the Secure Firewall Posture Engine (formerly HostScan) is installed. Root cause is in...
CVE-2024-20337
Cisco Secure Client (formerly AnyConnect) is affected by CVE-2024-20337, a CRLF injection in the SAML authentication flow due to insufficient input validation. An unauthenticated, remote attacker could entice a user to click a crafted link during VPN session establishment, enabling script executi...
CVE-2024-20338
Cisco Secure Client for Linux contains a privilege-escalation flaw in the ISE Posture (System Scan) module caused by an uncontrolled search path element. An authenticated, local attacker could place a malicious library in a targeted filesystem location and, after prompting an admin to restart a p...
CVE-2024-20391
CVE-2024-20391 concerns the Cisco Secure Client’s Network Access Manager (NAM) module. The issue arises from a lack of authentication on a specific function, allowing an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM and execute arbitrary code ...
CVE-2023-20240
Cisco Secure Client Software (formerly AnyConnect Secure Mobility Client) contains CVE-2023-20240: multiple DoS vulnerabilities caused by an out-of-bounds memory read. An authenticated, local attacker on a multi-user system can log in alongside another user, craft packets to a local port, and cra...
CVE-2023-20241
Cisco Secure Client Software (formerly AnyConnect) is affected by multiple DoS vulnerabilities due to an out-of-bounds memory read. An authenticated, local attacker who has credentials on a multi-user system can exploit this by logging in while another user is active, sending crafted packets to a...
CVE-2024-20474
CVE-2024-20474 is a Cisco Secure Client (formerly AnyConnect) vulnerability where the IKEv2 processing contains an integer underflow, allowing an unauthenticated remote attacker to crash the client and cause a DoS. A crafted IKEv2 packet can exploit the flaw on affected systems. Affected releases...