Cisco Secure Client
Recent Cisco Secure Client Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2025-03-06 | Cisco Secure Client for Windows with Secure Firewall Posture Engine DLL Hijacking Vulnerability | March 6, 2025 |
| 2024-10-23 | Cisco Secure Client Software Denial of Service Vulnerability | October 23, 2024 |
| 2024-05-15 | Cisco Secure Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability | May 15, 2024 |
| 2024-03-06 | Cisco Secure Client for Linux with ISE Posture Module Privilege Escalation Vulnerability | March 6, 2024 |
| 2024-03-06 | Cisco Secure Client Carriage Return Line Feed Injection Vulnerability | March 6, 2024 |
| 2023-11-16 | Cisco Secure Client Software Denial of Service Vulnerabilities | November 16, 2023 |
| 2023-08-08 | Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables Affecting Cisco AnyConnect Secure Mobility Client and Cisco Secure Client | August 8, 2023 |
| 2023-06-07 | Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability | June 7, 2023 |
By the Year
In 2026 there have been 0 vulnerabilities in Cisco Secure Client. Last year, in 2025, Secure Client had 1 security vulnerability published. Right now, Secure Client is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 7.80 |
| 2024 | 5 | 7.05 |
| 2023 | 3 | 6.27 |
It may take a day or so for new Secure Client vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Cisco Secure Client Security Vulnerabilities
DLL Hijacking via IPC in Cisco Secure Client (HostScan)
CVE-2025-20206
7.8 - High
- March 05, 2025
A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to a specific Cisco Secure Client process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid user credentials on the Windows system.
Improper Verification of Cryptographic Signature
Cisco Secure Client IKEv2 Integer Underflow DoS (<=4.10)
CVE-2024-20474
6.5 - Medium
- October 23, 2024
A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.
Integer underflow
CVE-2024-20391: Privilege Escalation in Cisco Secure Client via NAM Module
CVE-2024-20391
- May 15, 2024
A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.
DHCP Client Leak via Classless Static Route (121)
CVE-2024-3661
7.6 - High
- May 06, 2024
DHCP can add routes to a client's routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
Missing Authentication for Critical Function
Privilege Escalation via Uncontrolled Search Path in Cisco Secure Client
CVE-2024-20338
- March 06, 2024
A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process. A successful exploit could allow the attacker to execute arbitrary code on an affected device with root privileges.
Unauth CRLF injection in Cisco Secure Client SAML
CVE-2024-20337
- March 06, 2024
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.
Cisco Secure Client DoS via Auth Local Out-of-Bounds Read
CVE-2023-20241
5.5 - Medium
- November 22, 2023
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.
Out-of-bounds Read
CVE-2023-20240: DoS via OOB Read in Cisco Secure Client VPN Agent
CVE-2023-20240
5.5 - Medium
- November 22, 2023
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.
Out-of-bounds Read
Privilege Escalation in Cisco AnyConnect via Temp Dir Misperm
CVE-2023-20178
7.8 - High
- June 28, 2023
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.
Incorrect Default Permissions