Cisco Secure Client

Recent Cisco Secure Client Security Advisories

| Advisory | Title | Published |
|---|---|---|
| 2024-03-06 | Cisco Secure Client for Linux with ISE Posture Module Privilege Escalation Vulnerability | March 6, 2024 |
| 2024-03-06 | Cisco Secure Client Carriage Return Line Feed Injection Vulnerability | March 6, 2024 |
| 2023-11-16 | Cisco Secure Client Software Denial of Service Vulnerabilities | November 16, 2023 |
| 2023-08-08 | Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables Affecting Cisco AnyConnect Secure Mobility Client and Cisco Secure Client | August 8, 2023 |
| 2023-06-07 | Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability | June 7, 2023 |

By the Year

In 2024 there have been 0 vulnerabilities in Cisco Secure Client. Last year Secure Client had 3 security vulnerabilities published. Right now, Secure Client is on track to have fewer security vulnerabilities in 2024 than it did last year.

| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 3 | 6.27 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |

It may take a day or so for new Secure Client vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Cisco Secure Client Security Vulnerabilities

CVE-2023-20241 5.5 - Medium - November 22, 2023

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.

Out-of-bounds Read

CVE-2023-20240 5.5 - Medium - November 22, 2023

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.

Out-of-bounds Read

CVE-2023-20178 7.8 - High - June 28, 2023

A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.

Incorrect Default Permissions
