CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-20178

A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.255

EPSS Ranking 95.9%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2023-20178

Cisco » Anyconnect Secure Mobility Client » Version: N/A

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:-
Cisco » Anyconnect Secure Mobility Client » Version: 4.10.03104

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.10.03104
Cisco » Anyconnect Secure Mobility Client » Version: 4.10.05085

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.10.05085
Cisco » Anyconnect Secure Mobility Client » Version: 4.10.05111

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.10.05111
Cisco » Anyconnect Secure Mobility Client » Version: 4.10.06090

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.10.06090
Cisco » Anyconnect Secure Mobility Client » Version: 4.8.00175

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.00175
Cisco » Anyconnect Secure Mobility Client » Version: 4.8.01090

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.01090
Cisco » Anyconnect Secure Mobility Client » Version: 4.8.02042

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.02042
Cisco » Anyconnect Secure Mobility Client » Version: 4.8.02045

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.02045
Cisco » Anyconnect Secure Mobility Client » Version: 4.8.03036

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.03036
Cisco » Anyconnect Secure Mobility Client » Version: 4.8.03043

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.03043
Cisco » Anyconnect Secure Mobility Client » Version: 4.8.03052

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.03052
Cisco » Anyconnect Secure Mobility Client » Version: 4.9.00086

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.00086
Cisco » Anyconnect Secure Mobility Client » Version: 4.9.01095

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.01095
Cisco » Anyconnect Secure Mobility Client » Version: 4.9.03047

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.03047
Cisco » Anyconnect Secure Mobility Client » Version: 4.9.03049

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.03049
Cisco » Anyconnect Secure Mobility Client » Version: 4.9.04043

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.04043
Cisco » Anyconnect Secure Mobility Client » Version: 4.9.05042

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.05042
Cisco » Anyconnect Secure Mobility Client » Version: 4.9.06037

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.06037
Cisco » Secure Client » Version: Any

cpe:2.3:a:cisco:secure_client:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-20178

Products

Pricing

Contact Us