Cisco Secure Client vulnerabilities

9 known vulnerabilities affecting cisco/cisco_secure_client.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 5

Vulnerabilities

CVE-2025-20206 | HIGH | CVSS 7.8 | v4.9.00086, v4.9.01095, +40 more | 2025-03-05
CVE-2025-20206 [HIGH] CWE-347: A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. This vulnerability is due to insufficient validation of r
cvelistv5, nvd
CVE-2020-3432 | MEDIUM | CVSS 5.6 | vN/A | 2025-02-12
CVE-2020-3432 [MEDIUM] CWE-59: A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a symbolic link (symlink) to
cvelistv5, nvd
CVE-2024-20474 | MEDIUM | CVSS 6.5 | v4.9.00086, v4.9.01095, +36 more | 2024-10-23
CVE-2024-20474 [MEDIUM] CWE-191: A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to
cvelistv5, nvd
CVE-2024-20391 | MEDIUM | CVSS 6.8 | v4.9.00086, v4.9.01095, +35 more | 2024-05-15
CVE-2024-20391 [MEDIUM] CWE-306: A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code wit
cvelistv5, nvd
CVE-2024-20337 | HIGH | CVSS 8.2 | v4.9.00086, v4.9.01095, +32 more | 2024-03-06
CVE-2024-20337 [HIGH] CWE-93: A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a
cvelistv5, nvd
CVE-2024-20338 | HIGH | CVSS 7.3 | vN/A | 2024-03-06
CVE-2024-20338 [HIGH] CWE-427: A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerability by copying a malicious library file to a specific di
cvelistv5, nvd
CVE-2023-20240 | MEDIUM | CVSS 5.5 | v4.9.00086, v4.9.01095, +28 more | 2023-11-22
CVE-2023-20240 [MEDIUM] CWE-125: Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnera
cvelistv5, nvd
CVE-2023-20241 | MEDIUM | CVSS 5.5 | v4.9.00086, v4.9.01095, +29 more | 2023-11-22
CVE-2023-20241 [MEDIUM] CWE-125: Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnera
cvelistv5, nvd
CVE-2023-20178 | HIGH | CVSS 7.8 | v4.9.00086, v4.9.01095, +22 more | 2023-06-28
CVE-2023-20178 [HIGH] CWE-276: A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vuln
cvelistv5, nvd