- Description
- A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to a specific Cisco Secure Client process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid user credentials on the Windows system.
- Source
- psirt@cisco.com
- NVD status
- Analyzed
- Products
- secure_client
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- psirt@cisco.com
- CWE-347
- Hype score
- Not currently trending
Cisco Secure Client Vulnerability (CVE-2025-20206) A critical DLL hijacking flaw in Cisco Secure Client for Windows allows local privilege escalation to SYSTEM. #Cisco #CVE #CyberSecurity #ThreatAlert ๐ Full details https://t.co/U39x5Mfjk3 https://t.co/h4r6Jg00Yf
@threatsbank
7 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco has alerted users to a critical vulnerability (CVE-2025-20206) in Cisco Secure Client for Windows, allowing code execution with SYSTEM privileges. Update to version 5.1.8.105 or later. ๐บ๐ธ #CiscoClient #WindowsSecurity link: https://t.co/ayvzo1wwfc https://t.co/BJJZm94vmN
@TweetThreatNews
7 Mar 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐จ CVE-2025-20206 ๐ด HIGH (7.1) ๐ข Cisco - Cisco Secure Client ๐๏ธ 4.9.00086 ๐ https://t.co/Lak5fDjA9F #CyberCron #VulnAlert #InfoSec https://t.co/hP1BpcdcWe
@cybercronai
7 Mar 2025
113 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
Cisco Secure Client for Windows with Secure Firewall Posture Engine DLL Hijacking Vulnerability (CVE-2025-20206) #Cisco #CiscoSecureClient #CVE202520206 #DLLHijackingVulnerability https://t.co/kgzLCj89GF https://t.co/HY6g47rRdV
@SystemTek_UK
6 Mar 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๏ฟฝ๏ฟฝ CVE-2025-20206 - Cisco Secure Client - HIGH ๐จ ๐๏ธ Date published 2025-03-05 17:15:14 UTC #CiscoSecureClient #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/I9ATYnazln
@vulns_space
5 Mar 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐จ CVE-2025-20206 ๐ด HIGH (7.1) ๐ข Cisco - Cisco Secure Client ๐๏ธ 4.9.00086 ๐ https://t.co/Lak5fDjA9F #CyberCron #VulnAlert #InfoSec @Cisco https://t.co/fFR9ICVLii
@cybercronai
5 Mar 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "461C334F-C41A-499A-9FD6-4453D45CC3B9",
"versionEndExcluding": "5.1.8.105",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]