Vulnerabilities > Cisco > Anyconnect Secure Mobility Client

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-20474 Integer Underflow (Wrap or Wraparound) vulnerability in Cisco Anyconnect Secure Mobility Client and Secure Client
A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition.
network
low complexity
cisco CWE-191
6.5
2023-11-22 CVE-2023-20240 Out-of-bounds Read vulnerability in Cisco Anyconnect Secure Mobility Client and Secure Client
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.
local
low complexity
cisco CWE-125
5.5
2023-11-22 CVE-2023-20241 Out-of-bounds Read vulnerability in Cisco Anyconnect Secure Mobility Client and Secure Client
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software.
local
low complexity
cisco CWE-125
5.5
2023-06-28 CVE-2023-20178 Incorrect Default Permissions vulnerability in Cisco Anyconnect Secure Mobility Client and Secure Client
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM.
local
low complexity
cisco CWE-276
7.8
2021-11-04 CVE-2021-40124 Improper Privilege Management vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device.
local
low complexity
cisco CWE-269
7.8
2021-10-06 CVE-2021-34788 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client.
local
high complexity
cisco CWE-367
7.0
2021-06-16 CVE-2021-1567 Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client.
local
high complexity
cisco CWE-427
6.7
2021-06-16 CVE-2021-1568 Unspecified vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.
local
low complexity
cisco
5.5
2021-05-06 CVE-2021-1426 Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application.
local
low complexity
cisco CWE-427
7.8
2021-05-06 CVE-2021-1427 Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application.
local
low complexity
cisco CWE-427
7.8