CVSS: 7.1EPSS: 0%CPEs: 42EXPL: 0CVE-2025-20206 – Cisco Secure Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability
https://notcve.org/view.php?id=CVE-2025-20206
05 Mar 2025 — A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to a specific Cisco Secur... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-dll-injection-AOyzEqSg • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.0EPSS: 0%CPEs: 38EXPL: 0CVE-2024-20474
https://notcve.org/view.php?id=CVE-2024-20474
23 Oct 2024 — A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client sof... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csc-dos-XvPhM3bj • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.2EPSS: 0%CPEs: 37EXPL: 0CVE-2024-20391
https://notcve.org/view.php?id=CVE-2024-20391
15 May 2024 — A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device. Una vulnerabilidad en el módulo Network Access Manager (NAM) de Cisco Secure Client podría permitir que un atacante no... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.5EPSS: 3%CPEs: 34EXPL: 0CVE-2024-20337
https://notcve.org/view.php?id=CVE-2024-20337
06 Mar 2024 — A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensit... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 0CVE-2023-20241
https://notcve.org/view.php?id=CVE-2023-20241
22 Nov 2023 — Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted pac... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 0CVE-2023-20240
https://notcve.org/view.php?id=CVE-2023-20240
22 Nov 2023 — Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted pac... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 25%CPEs: 2EXPL: 1CVE-2023-20178
https://notcve.org/view.php?id=CVE-2023-20178
28 Jun 2023 — A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this v... • https://github.com/Wh04m1001/CVE-2023-20178 • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2010-5203
https://notcve.org/view.php?id=CVE-2010-5203
06 Sep 2012 — Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse (1) dvccsabase002.dll, (2) conman.dll, (3) kmpapi32.dll, or (4) ncpmon2.dll file in the current working directory, as demonstrated by a directory that contains a .pcf or .spd file. NOTE: some of these details are obtained from third party information. Múlt... • http://secunia.com/advisories/41388 •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-3551
https://notcve.org/view.php?id=CVE-2006-3551
13 Jul 2006 — NCP Secure Enterprise Client (aka VPN/PKI client) 8.30 Build 59, and possibly earlier versions, when the Link Firewall and Personal Firewall are both configured to block all inbound and outbound network traffic, allows context-dependent attackers to send inbound UDP traffic with source port 67 and destination port 68, and outbound UDP traffic with source port 68 and destination port 67. NCP Secure Enterprise Client (también conocido como VPN/PKI client) 8.30 Build 59, y posiblemente anteriores versiones, cu... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047547.html •