CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 0CVE-2023-20241
https://notcve.org/view.php?id=CVE-2023-20241
22 Nov 2023 — Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted pac... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 0CVE-2023-20240
https://notcve.org/view.php?id=CVE-2023-20240
22 Nov 2023 — Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted pac... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 25%CPEs: 2EXPL: 1CVE-2023-20178
https://notcve.org/view.php?id=CVE-2023-20178
28 Jun 2023 — A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this v... • https://github.com/Wh04m1001/CVE-2023-20178 • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2010-5203
https://notcve.org/view.php?id=CVE-2010-5203
06 Sep 2012 — Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse (1) dvccsabase002.dll, (2) conman.dll, (3) kmpapi32.dll, or (4) ncpmon2.dll file in the current working directory, as demonstrated by a directory that contains a .pcf or .spd file. NOTE: some of these details are obtained from third party information. Múlt... • http://secunia.com/advisories/41388 •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-3551
https://notcve.org/view.php?id=CVE-2006-3551
13 Jul 2006 — NCP Secure Enterprise Client (aka VPN/PKI client) 8.30 Build 59, and possibly earlier versions, when the Link Firewall and Personal Firewall are both configured to block all inbound and outbound network traffic, allows context-dependent attackers to send inbound UDP traffic with source port 67 and destination port 68, and outbound UDP traffic with source port 68 and destination port 67. NCP Secure Enterprise Client (también conocido como VPN/PKI client) 8.30 Build 59, y posiblemente anteriores versiones, cu... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047547.html •