2 vulnerabilities found for Secure Client by Cisco
CERTFR-2025-AVI-0180
Vulnerability from certfr_avis - Published: 2025-03-06 - Updated: 2025-03-06
Une vulnérabilité a été découverte dans Cisco Secure Client. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
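Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation ; le bulletin Cisco cisco-sa-secure-dll-injection-AOyzEqSg figure dans le champ « vendor_advisories » de l'enregistrement ci-dessous).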
Impacted products
| Vendor | Product | Description |
|---|---|---|
| Cisco | Secure Client | Cisco Secure Client versions antérieures à 5.1.8.105 |
References
| Title | Publication Time | Tags |
|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Secure Client versions ant\u00e9rieures \u00e0 5.1.8.105",
"product": {
"name": "Secure Client",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-20206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20206"
}
],
"initial_release_date": "2025-03-06T00:00:00",
"last_revision_date": "2025-03-06T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0180",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco Secure Client. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans Cisco Secure Client",
"vendor_advisories": [
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-secure-dll-injection-AOyzEqSg",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-dll-injection-AOyzEqSg"
}
]
}
VAR-202405-0458
Vulnerability from variot - Updated: 2025-01-15 23:06

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202405-0458",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "7.2.5"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "client connector",
"scope": "lt",
"trust": 1.0,
"vendor": "zscaler",
"version": "4.2.0.282"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.2"
},
{
"model": "client connector",
"scope": "lt",
"trust": 1.0,
"vendor": "zscaler",
"version": "3.7.0.134"
},
{
"model": "ipsec mobile vpn client",
"scope": "eq",
"trust": 1.0,
"vendor": "watchguard",
"version": "*"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.0"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "globalprotect",
"scope": "eq",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "*"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.5"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "7.2.3"
},
{
"model": "client connector",
"scope": "gte",
"trust": 1.0,
"vendor": "zscaler",
"version": "3.7"
},
{
"model": "client connector",
"scope": "lt",
"trust": 1.0,
"vendor": "zscaler",
"version": "1.5.1.25"
},
{
"model": "secure client",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "forticlient",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.5"
},
{
"model": "mobile vpn with ssl",
"scope": "eq",
"trust": 1.0,
"vendor": "watchguard",
"version": "*"
},
{
"model": "anyconnect vpn client",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "secure access client",
"scope": "lt",
"trust": 1.0,
"vendor": "citrix",
"version": "24.06.1"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "client connector",
"scope": "eq",
"trust": 1.0,
"vendor": "zscaler",
"version": null
},
{
"model": "forticlient",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "secure access client",
"scope": "lt",
"trust": 1.0,
"vendor": "citrix",
"version": "24.8.5"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3661"
}
]
},
"cve": "CVE-2024-3661",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-3661",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
],
"severity": [
{
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"id": "CVE-2024-3661",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-3661",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3661"
},
{
"db": "NVD",
"id": "CVE-2024-3661"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3661"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-3661",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3661"
}
]
},
"id": "VAR-202405-0458",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.7222222
},
"last_update_date": "2025-01-15T23:06:15.378000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-501",
"trust": 1.0
},
{
"problemtype": "CWE-306",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3661"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
},
{
"trust": 1.0,
"url": "https://www.leviathansecurity.com/research/tunnelvision"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=40284111"
},
{
"trust": 1.0,
"url": "https://fortiguard.fortinet.com/psirt/fg-ir-24-170"
},
{
"trust": 1.0,
"url": "https://bst.cisco.com/quickview/bug/cscwk05814"
},
{
"trust": 1.0,
"url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
},
{
"trust": 1.0,
"url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
},
{
"trust": 1.0,
"url": "https://tunnelvisionbug.com/"
},
{
"trust": 1.0,
"url": "https://security.paloaltonetworks.com/cve-2024-3661"
},
{
"trust": 1.0,
"url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
},
{
"trust": 1.0,
"url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/"
},
{
"trust": 1.0,
"url": "https://issuetracker.google.com/issues/263721377"
},
{
"trust": 1.0,
"url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/"
},
{
"trust": 1.0,
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=40279632"
},
{
"trust": 1.0,
"url": "https://support.citrix.com/article/ctx677069/cloud-software-group-security-advisory-for-cve20243661"
},
{
"trust": 1.0,
"url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/"
},
{
"trust": 1.0,
"url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
},
{
"trust": 1.0,
"url": "https://my.f5.com/manage/s/article/k000139553"
},
{
"trust": 1.0,
"url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3661"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-3661"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-05-06T19:15:11.027000",
"db": "NVD",
"id": "CVE-2024-3661"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-01-15T16:50:28.667000",
"db": "NVD",
"id": "CVE-2024-3661"
}
]
}
}