Vulnerabilities > Cisco > AnyConnect Secure Mobility Client

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-20474 Integer Underflow (Wrap or Wraparound) vulnerability in Cisco AnyConnect Secure Mobility Client and Secure Client
A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition.
Risk: 6.5 | network | low complexity | cisco | CWE-191

2023-11-22 CVE-2023-20240 Out-of-bounds Read vulnerability in Cisco AnyConnect Secure Mobility Client and Secure Client
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.
Risk: 5.5 | local | low complexity | cisco | CWE-125

2023-11-22 CVE-2023-20241 Out-of-bounds Read vulnerability in Cisco AnyConnect Secure Mobility Client and Secure Client
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software.
Risk: 5.5 | local | low complexity | cisco | CWE-125

2023-06-28 CVE-2023-20178 Incorrect Default Permissions vulnerability in Cisco AnyConnect Secure Mobility Client and Secure Client
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM.
Risk: 7.8 | local | low complexity | cisco | CWE-276

2021-11-04 CVE-2021-40124 Improper Privilege Management vulnerability in Cisco AnyConnect Secure Mobility Client
A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device.
Risk: 7.8 | local | low complexity | cisco | CWE-269

2021-10-06 CVE-2021-34788 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Cisco AnyConnect Secure Mobility Client
A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client.
Risk: 7.0 | local | high complexity | cisco | CWE-367

2021-06-16 CVE-2021-1567 Uncontrolled Search Path Element vulnerability in Cisco AnyConnect Secure Mobility Client
A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client.
Risk: 6.7 | local | high complexity | cisco | CWE-427

2021-06-16 CVE-2021-1568 Uncontrolled Memory Allocation vulnerability in Cisco AnyConnect Secure Mobility Client
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.
Risk: 5.5 | local | low complexity | cisco | CWE-789

2021-05-06 CVE-2021-1426 Uncontrolled Search Path Element vulnerability in Cisco AnyConnect Secure Mobility Client
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application.
Risk: 7.8 | local | low complexity | cisco | CWE-427

2021-05-06 CVE-2021-1427 Uncontrolled Search Path Element vulnerability in Cisco AnyConnect Secure Mobility Client
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application.
Risk: 7.8 | local | low complexity | cisco | CWE-427