All the vulnerabilites related to Cisco - Cisco Secure Client
cve-2023-20241
Vulnerability from cvelistv5
Published
2023-11-22 17:10
Modified
2024-08-02 09:05
Summary
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:35.856Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-accsc-dos-9SLzkZ8",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Secure Client",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.9.00086"
            },
            {
              "status": "affected",
              "version": "4.9.01095"
            },
            {
              "status": "affected",
              "version": "4.9.02028"
            },
            {
              "status": "affected",
              "version": "4.9.03047"
            },
            {
              "status": "affected",
              "version": "4.9.03049"
            },
            {
              "status": "affected",
              "version": "4.9.04043"
            },
            {
              "status": "affected",
              "version": "4.9.04053"
            },
            {
              "status": "affected",
              "version": "4.9.05042"
            },
            {
              "status": "affected",
              "version": "4.9.06037"
            },
            {
              "status": "affected",
              "version": "4.10.00093"
            },
            {
              "status": "affected",
              "version": "4.10.01075"
            },
            {
              "status": "affected",
              "version": "4.10.02086"
            },
            {
              "status": "affected",
              "version": "4.10.03104"
            },
            {
              "status": "affected",
              "version": "4.10.04065"
            },
            {
              "status": "affected",
              "version": "4.10.04071"
            },
            {
              "status": "affected",
              "version": "4.10.05085"
            },
            {
              "status": "affected",
              "version": "4.10.05095"
            },
            {
              "status": "affected",
              "version": "4.10.05111"
            },
            {
              "status": "affected",
              "version": "4.10.06079"
            },
            {
              "status": "affected",
              "version": "4.10.06090"
            },
            {
              "status": "affected",
              "version": "4.10.07061"
            },
            {
              "status": "affected",
              "version": "4.10.07062"
            },
            {
              "status": "affected",
              "version": "4.10.07073"
            },
            {
              "status": "affected",
              "version": "5.0.00238"
            },
            {
              "status": "affected",
              "version": "5.0.00529"
            },
            {
              "status": "affected",
              "version": "5.0.00556"
            },
            {
              "status": "affected",
              "version": "5.0.01242"
            },
            {
              "status": "affected",
              "version": "5.0.02075"
            },
            {
              "status": "affected",
              "version": "5.0.03072"
            },
            {
              "status": "affected",
              "version": "5.0.03076"
            },
            {
              "status": "affected",
              "version": "5.0.04032"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.\r\n\r These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-bounds Read",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:58:29.398Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-accsc-dos-9SLzkZ8",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8"
        }
      ],
      "source": {
        "advisory": "cisco-sa-accsc-dos-9SLzkZ8",
        "defects": [
          "CSCwf92553"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20241",
    "datePublished": "2023-11-22T17:10:45.694Z",
    "dateReserved": "2022-10-27T18:47:50.370Z",
    "dateUpdated": "2024-08-02T09:05:35.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-20474
Vulnerability from cvelistv5
Published
2024-10-23 17:49
Modified
2024-10-23 20:54
Summary
A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20474",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T20:54:04.508420Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-23T20:54:12.513Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Secure Client",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.9.00086"
            },
            {
              "status": "affected",
              "version": "4.9.01095"
            },
            {
              "status": "affected",
              "version": "4.9.02028"
            },
            {
              "status": "affected",
              "version": "4.9.03047"
            },
            {
              "status": "affected",
              "version": "4.9.03049"
            },
            {
              "status": "affected",
              "version": "4.9.04043"
            },
            {
              "status": "affected",
              "version": "4.9.04053"
            },
            {
              "status": "affected",
              "version": "4.9.05042"
            },
            {
              "status": "affected",
              "version": "4.9.06037"
            },
            {
              "status": "affected",
              "version": "4.10.00093"
            },
            {
              "status": "affected",
              "version": "4.10.01075"
            },
            {
              "status": "affected",
              "version": "4.10.02086"
            },
            {
              "status": "affected",
              "version": "4.10.03104"
            },
            {
              "status": "affected",
              "version": "4.10.04065"
            },
            {
              "status": "affected",
              "version": "4.10.04071"
            },
            {
              "status": "affected",
              "version": "4.10.05085"
            },
            {
              "status": "affected",
              "version": "4.10.05095"
            },
            {
              "status": "affected",
              "version": "4.10.05111"
            },
            {
              "status": "affected",
              "version": "4.10.06079"
            },
            {
              "status": "affected",
              "version": "4.10.06090"
            },
            {
              "status": "affected",
              "version": "4.10.07061"
            },
            {
              "status": "affected",
              "version": "4.10.07062"
            },
            {
              "status": "affected",
              "version": "4.10.07073"
            },
            {
              "status": "affected",
              "version": "4.10.08025"
            },
            {
              "status": "affected",
              "version": "4.10.08029"
            },
            {
              "status": "affected",
              "version": "5.0.00238"
            },
            {
              "status": "affected",
              "version": "5.0.00529"
            },
            {
              "status": "affected",
              "version": "5.0.00556"
            },
            {
              "status": "affected",
              "version": "5.0.01242"
            },
            {
              "status": "affected",
              "version": "5.0.02075"
            },
            {
              "status": "affected",
              "version": "5.0.03072"
            },
            {
              "status": "affected",
              "version": "5.0.03076"
            },
            {
              "status": "affected",
              "version": "5.0.04032"
            },
            {
              "status": "affected",
              "version": "5.0.05040"
            },
            {
              "status": "affected",
              "version": "5.1.0.136"
            },
            {
              "status": "affected",
              "version": "5.1.1.42"
            },
            {
              "status": "affected",
              "version": "5.1.2.42"
            },
            {
              "status": "affected",
              "version": "5.1.3.62"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client.\r\n\r This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software.\r\n\r Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "Integer Underflow (Wrap or Wraparound)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-23T17:49:23.557Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-csc-dos-XvPhM3bj",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csc-dos-XvPhM3bj"
        }
      ],
      "source": {
        "advisory": "cisco-sa-csc-dos-XvPhM3bj",
        "defects": [
          "CSCwj99060"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20474",
    "datePublished": "2024-10-23T17:49:23.557Z",
    "dateReserved": "2023-11-08T15:08:07.681Z",
    "dateUpdated": "2024-10-23T20:54:12.513Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-20338
Vulnerability from cvelistv5
Published
2024-03-06 16:29
Modified
2024-08-01 21:59
Summary
A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process. A successful exploit could allow the attacker to execute arbitrary code on an affected device with root privileges.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:*:*:*:*:*:linux:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "lessThan": "5.1.2.42",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20338",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-11T12:54:03.702303Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T18:05:28.544Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.263Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-secure-privesc-sYxQO6ds",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-privesc-sYxQO6ds"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Secure Client",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process. A successful exploit could allow the attacker to execute arbitrary code on an affected device with root privileges."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "Uncontrolled Search Path Element",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-06T16:29:33.440Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-secure-privesc-sYxQO6ds",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-privesc-sYxQO6ds"
        }
      ],
      "source": {
        "advisory": "cisco-sa-secure-privesc-sYxQO6ds",
        "defects": [
          "CSCwi30539"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20338",
    "datePublished": "2024-03-06T16:29:33.440Z",
    "dateReserved": "2023-11-08T15:08:07.642Z",
    "dateUpdated": "2024-08-01T21:59:42.263Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20240
Vulnerability from cvelistv5
Published
2023-11-22 17:10
Modified
2024-08-02 09:05
Summary
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:35.707Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-accsc-dos-9SLzkZ8",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Secure Client",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.9.00086"
            },
            {
              "status": "affected",
              "version": "4.9.01095"
            },
            {
              "status": "affected",
              "version": "4.9.02028"
            },
            {
              "status": "affected",
              "version": "4.9.03047"
            },
            {
              "status": "affected",
              "version": "4.9.03049"
            },
            {
              "status": "affected",
              "version": "4.9.04043"
            },
            {
              "status": "affected",
              "version": "4.9.04053"
            },
            {
              "status": "affected",
              "version": "4.9.05042"
            },
            {
              "status": "affected",
              "version": "4.9.06037"
            },
            {
              "status": "affected",
              "version": "4.10.00093"
            },
            {
              "status": "affected",
              "version": "4.10.01075"
            },
            {
              "status": "affected",
              "version": "4.10.02086"
            },
            {
              "status": "affected",
              "version": "4.10.03104"
            },
            {
              "status": "affected",
              "version": "4.10.04065"
            },
            {
              "status": "affected",
              "version": "4.10.04071"
            },
            {
              "status": "affected",
              "version": "4.10.05085"
            },
            {
              "status": "affected",
              "version": "4.10.05095"
            },
            {
              "status": "affected",
              "version": "4.10.05111"
            },
            {
              "status": "affected",
              "version": "4.10.06079"
            },
            {
              "status": "affected",
              "version": "4.10.06090"
            },
            {
              "status": "affected",
              "version": "4.10.07061"
            },
            {
              "status": "affected",
              "version": "4.10.07062"
            },
            {
              "status": "affected",
              "version": "4.10.07073"
            },
            {
              "status": "affected",
              "version": "5.0.00238"
            },
            {
              "status": "affected",
              "version": "5.0.00529"
            },
            {
              "status": "affected",
              "version": "5.0.00556"
            },
            {
              "status": "affected",
              "version": "5.0.01242"
            },
            {
              "status": "affected",
              "version": "5.0.02075"
            },
            {
              "status": "affected",
              "version": "5.0.03072"
            },
            {
              "status": "affected",
              "version": "5.0.03076"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-bounds Read",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:58:29.094Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-accsc-dos-9SLzkZ8",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8"
        }
      ],
      "source": {
        "advisory": "cisco-sa-accsc-dos-9SLzkZ8",
        "defects": [
          "CSCwf21381"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20240",
    "datePublished": "2023-11-22T17:10:15.660Z",
    "dateReserved": "2022-10-27T18:47:50.370Z",
    "dateUpdated": "2024-08-02T09:05:35.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-20337
Vulnerability from cvelistv5
Published
2024-03-06 16:30
Modified
2024-08-01 21:59
Summary
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.10.00093:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.01075:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.02086:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.03104:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.04065:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.04071:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.05085:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.05095:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.05111:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.06079:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.06090:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.07061:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.07062:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.10.07073:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.9.00086:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.9.01095:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.9.02028:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.9.03047:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.9.03049:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.9.04043:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.9.04053:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.9.05042:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:4.9.06037:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.0.00238:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.0.00529:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.0.00556:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.0.01242:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.0.02075:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.0.03072:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.0.03076:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.0.04032:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.1.0.136:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:secure_client:5.1.1.42:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.10.00093"
              },
              {
                "status": "affected",
                "version": "4.10.01075"
              },
              {
                "status": "affected",
                "version": "4.10.02086"
              },
              {
                "status": "affected",
                "version": "4.10.03104"
              },
              {
                "status": "affected",
                "version": "4.10.04065"
              },
              {
                "status": "affected",
                "version": "4.10.04071"
              },
              {
                "status": "affected",
                "version": "4.10.05085"
              },
              {
                "status": "affected",
                "version": "4.10.05095"
              },
              {
                "status": "affected",
                "version": "4.10.05111"
              },
              {
                "status": "affected",
                "version": "4.10.06079"
              },
              {
                "status": "affected",
                "version": "4.10.06090"
              },
              {
                "status": "affected",
                "version": "4.10.07061"
              },
              {
                "status": "affected",
                "version": "4.10.07062"
              },
              {
                "status": "affected",
                "version": "4.10.07073"
              },
              {
                "status": "affected",
                "version": "4.9.00086"
              },
              {
                "status": "affected",
                "version": "4.9.01095"
              },
              {
                "status": "affected",
                "version": "4.9.02028"
              },
              {
                "status": "affected",
                "version": "4.9.03047"
              },
              {
                "status": "affected",
                "version": "4.9.03049"
              },
              {
                "status": "affected",
                "version": "4.9.04043"
              },
              {
                "status": "affected",
                "version": "4.9.04053"
              },
              {
                "status": "affected",
                "version": "4.9.05042"
              },
              {
                "status": "affected",
                "version": "4.9.06037"
              },
              {
                "status": "affected",
                "version": "5.0.00238"
              },
              {
                "status": "affected",
                "version": "5.0.00529"
              },
              {
                "status": "affected",
                "version": "5.0.00556"
              },
              {
                "status": "affected",
                "version": "5.0.01242"
              },
              {
                "status": "affected",
                "version": "5.0.02075"
              },
              {
                "status": "affected",
                "version": "5.0.03072"
              },
              {
                "status": "affected",
                "version": "5.0.03076"
              },
              {
                "status": "affected",
                "version": "5.0.04032"
              },
              {
                "status": "affected",
                "version": "5.1.0.136"
              },
              {
                "status": "affected",
                "version": "5.1.1.42"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20337",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-09T05:00:57.702576Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-25T17:00:36.986Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-secure-client-crlf-W43V4G7",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Secure Client",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.9.00086"
            },
            {
              "status": "affected",
              "version": "4.9.01095"
            },
            {
              "status": "affected",
              "version": "4.9.02028"
            },
            {
              "status": "affected",
              "version": "4.9.03047"
            },
            {
              "status": "affected",
              "version": "4.9.03049"
            },
            {
              "status": "affected",
              "version": "4.9.04043"
            },
            {
              "status": "affected",
              "version": "4.9.04053"
            },
            {
              "status": "affected",
              "version": "4.9.05042"
            },
            {
              "status": "affected",
              "version": "4.9.06037"
            },
            {
              "status": "affected",
              "version": "4.10.00093"
            },
            {
              "status": "affected",
              "version": "4.10.01075"
            },
            {
              "status": "affected",
              "version": "4.10.02086"
            },
            {
              "status": "affected",
              "version": "4.10.03104"
            },
            {
              "status": "affected",
              "version": "4.10.04065"
            },
            {
              "status": "affected",
              "version": "4.10.04071"
            },
            {
              "status": "affected",
              "version": "4.10.05085"
            },
            {
              "status": "affected",
              "version": "4.10.05095"
            },
            {
              "status": "affected",
              "version": "4.10.05111"
            },
            {
              "status": "affected",
              "version": "4.10.06079"
            },
            {
              "status": "affected",
              "version": "4.10.06090"
            },
            {
              "status": "affected",
              "version": "4.10.07061"
            },
            {
              "status": "affected",
              "version": "4.10.07062"
            },
            {
              "status": "affected",
              "version": "4.10.07073"
            },
            {
              "status": "affected",
              "version": "5.0.00238"
            },
            {
              "status": "affected",
              "version": "5.0.00529"
            },
            {
              "status": "affected",
              "version": "5.0.00556"
            },
            {
              "status": "affected",
              "version": "5.0.01242"
            },
            {
              "status": "affected",
              "version": "5.0.02075"
            },
            {
              "status": "affected",
              "version": "5.0.03072"
            },
            {
              "status": "affected",
              "version": "5.0.03076"
            },
            {
              "status": "affected",
              "version": "5.0.04032"
            },
            {
              "status": "affected",
              "version": "5.0.05040"
            },
            {
              "status": "affected",
              "version": "5.1.0.136"
            },
            {
              "status": "affected",
              "version": "5.1.1.42"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. \r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-93",
              "description": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-06T16:30:02.285Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-secure-client-crlf-W43V4G7",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7"
        }
      ],
      "source": {
        "advisory": "cisco-sa-secure-client-crlf-W43V4G7",
        "defects": [
          "CSCwi37512"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20337",
    "datePublished": "2024-03-06T16:30:02.285Z",
    "dateReserved": "2023-11-08T15:08:07.642Z",
    "dateUpdated": "2024-08-01T21:59:42.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-20391
Vulnerability from cvelistv5
Published
2024-05-15 17:24
Modified
2024-08-01 21:59
Summary
A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.9.01095:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.9.01095"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.9.02028:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.9.02028"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.9.03047:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.9.03047"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.9.03049:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.9.03049"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.9.04043:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.9.04043"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.9.04053:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.9.04053"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.9.05042:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.9.05042"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.9.06037:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.9.06037"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.10.00093:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.10.00093"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.10.01075:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.10.01075"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.10.02086:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.10.02086"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.10.03104:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.10.03104"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.10.04065:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.10.04065"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.10.04071:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.10.04071"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.10.05085:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.10.05085"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.10.05095:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.10.05095"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.10.05111:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.10.05111"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.10.06079:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.10.06079"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.10.06090:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.10.06090"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.10.07061:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.10.07061"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.10.07062:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.10.07062"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.10.07073:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.10.07073"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.10.08025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.10.08025"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.10.08029:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.10.08029"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:5.0.00238:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "5.0.00238"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:5.0.00529:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "5.0.00529"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:5.0.00556:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "5.0.00556"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:5.0.01242:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "5.0.01242"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:5.0.02075:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "5.0.02075"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:5.0.03072:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "5.0.03072"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:5.0.03076:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "5.0.03076"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:5.0.04032:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "5.0.04032"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:5.0.05040:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "5.0.05040"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:4.9.00086:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.9.00086"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:5.1.0.136:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "5.1.0.136"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:5.1.1.42:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "5.1.1.42"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:secure_client:5.1.2.42:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_client",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "5.1.2.42"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20391",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-15T18:58:26.955767Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:40:05.799Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.903Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-secure-nam-priv-esc-szu2vYpZ",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Secure Client",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.9.00086"
            },
            {
              "status": "affected",
              "version": "4.9.01095"
            },
            {
              "status": "affected",
              "version": "4.9.02028"
            },
            {
              "status": "affected",
              "version": "4.9.03047"
            },
            {
              "status": "affected",
              "version": "4.9.03049"
            },
            {
              "status": "affected",
              "version": "4.9.04043"
            },
            {
              "status": "affected",
              "version": "4.9.04053"
            },
            {
              "status": "affected",
              "version": "4.9.05042"
            },
            {
              "status": "affected",
              "version": "4.9.06037"
            },
            {
              "status": "affected",
              "version": "4.10.00093"
            },
            {
              "status": "affected",
              "version": "4.10.01075"
            },
            {
              "status": "affected",
              "version": "4.10.02086"
            },
            {
              "status": "affected",
              "version": "4.10.03104"
            },
            {
              "status": "affected",
              "version": "4.10.04065"
            },
            {
              "status": "affected",
              "version": "4.10.04071"
            },
            {
              "status": "affected",
              "version": "4.10.05085"
            },
            {
              "status": "affected",
              "version": "4.10.05095"
            },
            {
              "status": "affected",
              "version": "4.10.05111"
            },
            {
              "status": "affected",
              "version": "4.10.06079"
            },
            {
              "status": "affected",
              "version": "4.10.06090"
            },
            {
              "status": "affected",
              "version": "4.10.07061"
            },
            {
              "status": "affected",
              "version": "4.10.07062"
            },
            {
              "status": "affected",
              "version": "4.10.07073"
            },
            {
              "status": "affected",
              "version": "4.10.08025"
            },
            {
              "status": "affected",
              "version": "4.10.08029"
            },
            {
              "status": "affected",
              "version": "5.0.00238"
            },
            {
              "status": "affected",
              "version": "5.0.00529"
            },
            {
              "status": "affected",
              "version": "5.0.00556"
            },
            {
              "status": "affected",
              "version": "5.0.01242"
            },
            {
              "status": "affected",
              "version": "5.0.02075"
            },
            {
              "status": "affected",
              "version": "5.0.03072"
            },
            {
              "status": "affected",
              "version": "5.0.03076"
            },
            {
              "status": "affected",
              "version": "5.0.04032"
            },
            {
              "status": "affected",
              "version": "5.0.05040"
            },
            {
              "status": "affected",
              "version": "5.1.0.136"
            },
            {
              "status": "affected",
              "version": "5.1.1.42"
            },
            {
              "status": "affected",
              "version": "5.1.2.42"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM.\r\n\r This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication for Critical Function",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-15T17:24:34.138Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-secure-nam-priv-esc-szu2vYpZ",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-nam-priv-esc-szu2vYpZ"
        }
      ],
      "source": {
        "advisory": "cisco-sa-secure-nam-priv-esc-szu2vYpZ",
        "defects": [
          "CSCwj48522"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20391",
    "datePublished": "2024-05-15T17:24:34.138Z",
    "dateReserved": "2023-11-08T15:08:07.659Z",
    "dateUpdated": "2024-08-01T21:59:42.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20178
Vulnerability from cvelistv5
Published
2023-06-28 00:00
Modified
2024-08-02 09:05
Summary
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:34.960Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-ac-csc-privesc-wx4U4Kw",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Secure Client",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.9.00086"
            },
            {
              "status": "affected",
              "version": "4.9.01095"
            },
            {
              "status": "affected",
              "version": "4.9.02028"
            },
            {
              "status": "affected",
              "version": "4.9.03047"
            },
            {
              "status": "affected",
              "version": "4.9.03049"
            },
            {
              "status": "affected",
              "version": "4.9.04043"
            },
            {
              "status": "affected",
              "version": "4.9.04053"
            },
            {
              "status": "affected",
              "version": "4.9.05042"
            },
            {
              "status": "affected",
              "version": "4.9.06037"
            },
            {
              "status": "affected",
              "version": "4.10.00093"
            },
            {
              "status": "affected",
              "version": "4.10.01075"
            },
            {
              "status": "affected",
              "version": "4.10.02086"
            },
            {
              "status": "affected",
              "version": "4.10.03104"
            },
            {
              "status": "affected",
              "version": "4.10.04065"
            },
            {
              "status": "affected",
              "version": "4.10.04071"
            },
            {
              "status": "affected",
              "version": "4.10.05085"
            },
            {
              "status": "affected",
              "version": "4.10.05095"
            },
            {
              "status": "affected",
              "version": "4.10.05111"
            },
            {
              "status": "affected",
              "version": "4.10.06079"
            },
            {
              "status": "affected",
              "version": "4.10.06090"
            },
            {
              "status": "affected",
              "version": "5.0.00238"
            },
            {
              "status": "affected",
              "version": "5.0.00529"
            },
            {
              "status": "affected",
              "version": "5.0.00556"
            },
            {
              "status": "affected",
              "version": "5.0.01242"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established.\r\n\r This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:57:50.608Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ac-csc-privesc-wx4U4Kw",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ac-csc-privesc-wx4U4Kw",
        "defects": [
          "CSCwe00252"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20178",
    "datePublished": "2023-06-28T00:00:00",
    "dateReserved": "2022-10-27T00:00:00",
    "dateUpdated": "2024-08-02T09:05:34.960Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}