Cisco Secure Client vulnerabilities

8 known vulnerabilities affecting cisco/secure_client.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 4

Vulnerabilities

CVE-2025-20206 | HIGH | CVSS 7.8 | fixed in 5.1.8.105 | 2025-03-05
CWE-347: A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. This vulnerability is due to insufficient validation of r
nvd
CVE-2024-20474 | MEDIUM | CVSS 6.5 | v4.10.00093, v4.10.01075, +27 more | 2024-10-23
CWE-191: A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to
nvd
CVE-2024-20391 | MEDIUM | CVSS 6.8 | fixed in 5.1.3.62 | 2024-05-15
CWE-306: A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code wit
nvd
CVE-2024-20337 | HIGH | CVSS 8.2 | ≥ 4.10.04065, < 4.10.08025; ≥ 5.0.00529, < 5.1.2.42 | 2024-03-06
CWE-93: A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a
nvd
CVE-2024-20338 | HIGH | CVSS 7.3 | fixed in 5.1.2.42 | 2024-03-06
CWE-427: A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerability by copying a malicious library file to a specific di
nvd
CVE-2023-20240 | MEDIUM | CVSS 5.5 | v4.10.00093, v4.10.01075, +19 more | 2023-11-22
CWE-125: Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnera
nvd
CVE-2023-20241 | MEDIUM | CVSS 5.5 | v4.10.00093, v4.10.01075, +19 more | 2023-11-22
CWE-125: Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnera
nvd
CVE-2023-20178 | HIGH | CVSS 7.8 | fixed in 5.0.02075 | 2023-06-28
CWE-276: A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vuln
nvd
Cisco Secure Client vulnerabilities | cvebase