Summary
Detail | |||
---|---|---|---|
Vendor | Cisco | First view | 2023-06-28 |
Product | Secure Client | Last view | 2024-10-23 |
Version | 4.10.08025 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:cisco:secure_client |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.5 | 2024-10-23 | CVE-2024-20474 | A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client. |
7.8 | 2023-06-28 | CVE-2023-20178 | A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-276 | Incorrect Default Permissions |
50% (1) | CWE-191 | Integer Underflow (Wrap or Wraparound) |