Cisco Secure Client for Windows Lets Attackers Execute Arbitrary Code


A newly identified vulnerability in the Cisco Secure Client for Windows could allow attackers to execute arbitrary code with SYSTEM privileges.

The vulnerability lies within the interprocess communication (IPC) channel and can be exploited by an authenticated, local attacker to perform a DLL hijacking attack.

This vulnerability is present only when the Secure Firewall Posture Engine (formerly HostScan) is installed on the Cisco Secure Client.

The root cause of this vulnerability is insufficient validation of resources that the application loads at runtime. An attacker could exploit this vulnerability by sending a specially crafted IPC message to a Cisco Secure Client process.

Successful exploitation could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit the vulnerability, the attacker must have valid user credentials on the Windows system.

The vulnerability, CVE-2025-20206, was reported on March 5, 2025. Cisco has addressed the vulnerability with a software update. There are no workarounds available to mitigate this vulnerability.

Affected & Fixed Products

The vulnerability affects Cisco Secure Client for Windows when the Secure Firewall Posture Engine is installed. Note that the ISE Posture module, which is distinct from the Secure Firewall Posture Engine, is unaffected by this vulnerability.

| Vulnerability ID | Affected Versions | Fixed Version |
|---|---|---|
| CVE-2025-20206 | Cisco Secure Client for Windows (with Secure Firewall Posture Engine) ≤ 5.1.7.80 | Update to 5.1.8.1 or later |
  • The fixed version (5.1.8.1 or later) is inferred from Cisco’s advisory timeline and standard patching practices.
  • Users must verify the fixed version via Cisco’s official channels or the advisory portal.
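
The conditions above can be applied to a software inventory export to find hosts that need the update. The following is an added example, not code from Cisco or from the original article; the CSV column names and the sample rows are constructed assumptions. Builds that fall between the last affected version and the inferred fixed version are flagged for manual verification rather than treated as safe.

```python
import csv
import io
import re

LAST_AFFECTED = (5, 1, 7, 80)  # last affected build, from the table above
FIRST_FIXED = (5, 1, 8, 1)     # the page marks this value as inferred; confirm with Cisco

# Constructed inventory export; column names and rows are assumptions.
SAMPLE_INVENTORY = """host,os,secure_client_version,posture_engine
ws-001,windows,5.1.7.80,yes
ws-002,windows,5.1.8.105,yes
ws-003,windows,5.1.6.103,no
mac-004,macos,5.1.2.42,yes
ws-005,windows,5.1.7.95,yes
ws-006,windows,unknown,yes
"""

def parse_version(text):
    """Return a 4-part integer tuple, or None if text is not a dotted version."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+){3}", text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(row):
    """Map one inventory row to affected, patched, not_applicable or verify."""
    if row["os"].strip().lower() != "windows":
        return "not_applicable"  # Linux, macOS and mobile clients are not affected
    if row["posture_engine"].strip().lower() != "yes":
        return "not_applicable"  # exposed only when the Posture Engine is installed
    version = parse_version(row["secure_client_version"])
    if version is None:
        return "verify"          # unreadable version string: check the host by hand
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "patched"
    return "verify"              # between last affected and inferred fixed build

def triage(csv_text):
    """Return {host: status} for every row of the inventory export."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: classify(row) for row in reader}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```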

Non-Vulnerable Products

Cisco has confirmed that the following products are not affected by this vulnerability:

  • Secure Client for Linux
  • Secure Client for macOS
  • Secure Client for mobile device operating systems such as iOS, Android, and Universal Windows Platform

Cisco urges users to obtain the released software updates to address the vulnerability. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.
