CVE-2023-20178 - 漏洞详情

CVE-2023-20178 (CNNVD-202306-612)

HIGH

中文标题:

Cisco AnyConnect Secure Mobility Client for Windows 安全漏洞

英文标题:

A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for...

CVSS分数: 7.8

发布时间: 2023-06-28 00:00:00

漏洞类型: 其他

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

Cisco AnyConnect Secure Mobility Client for Windows是美国思科（Cisco）公司的一款基于Windows平台的可通过任何设备安全访问网络和应用的安全移动客户端。 Cisco AnyConnect Secure Mobility Client Software for Windows和Secure Client Software for Windows存在安全漏洞，该漏洞源于允许经过身份验证的低权限攻击者将权限提升至 SYSTEM权限。

英文描述:

A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.

CWE类型:

CWE-276

受影响产品

厂商	产品	版本	版本范围	平台	CPE
Cisco	Cisco Secure Client	4.9.00086	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.9.00086:::::::*`
Cisco	Cisco Secure Client	4.9.01095	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.9.01095:::::::*`
Cisco	Cisco Secure Client	4.9.02028	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.9.02028:::::::*`
Cisco	Cisco Secure Client	4.9.03047	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.9.03047:::::::*`
Cisco	Cisco Secure Client	4.9.03049	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.9.03049:::::::*`
Cisco	Cisco Secure Client	4.9.04043	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.9.04043:::::::*`
Cisco	Cisco Secure Client	4.9.04053	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.9.04053:::::::*`
Cisco	Cisco Secure Client	4.9.05042	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.9.05042:::::::*`
Cisco	Cisco Secure Client	4.9.06037	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.9.06037:::::::*`
Cisco	Cisco Secure Client	4.10.00093	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.10.00093:::::::*`
Cisco	Cisco Secure Client	4.10.01075	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.10.01075:::::::*`
Cisco	Cisco Secure Client	4.10.02086	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.10.02086:::::::*`
Cisco	Cisco Secure Client	4.10.03104	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.10.03104:::::::*`
Cisco	Cisco Secure Client	4.10.04065	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.10.04065:::::::*`
Cisco	Cisco Secure Client	4.10.04071	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.10.04071:::::::*`
Cisco	Cisco Secure Client	4.10.05085	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.10.05085:::::::*`
Cisco	Cisco Secure Client	4.10.05095	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.10.05095:::::::*`
Cisco	Cisco Secure Client	4.10.05111	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.10.05111:::::::*`
Cisco	Cisco Secure Client	4.10.06079	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.10.06079:::::::*`
Cisco	Cisco Secure Client	4.10.06090	-	-	`cpe:2.3:a:cisco:cisco_secure_client:4.10.06090:::::::*`
Cisco	Cisco Secure Client	5.0.00238	-	-	`cpe:2.3:a:cisco:cisco_secure_client:5.0.00238:::::::*`
Cisco	Cisco Secure Client	5.0.00529	-	-	`cpe:2.3:a:cisco:cisco_secure_client:5.0.00529:::::::*`
Cisco	Cisco Secure Client	5.0.00556	-	-	`cpe:2.3:a:cisco:cisco_secure_client:5.0.00556:::::::*`
Cisco	Cisco Secure Client	5.0.01242	-	-	`cpe:2.3:a:cisco:cisco_secure_client:5.0.01242:::::::*`
cisco	anyconnect_secure_mobility_client	*	-	-	`cpe:2.3:a:cisco:anyconnect_secure_mobility_client::::::windows::*`
cisco	secure_client	*	-	-	`cpe:2.3:a:cisco:secure_client::::::windows::*`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

cisco-sa-ac-csc-privesc-wx4U4Kw OTHER
cve.org

访问

CVSS评分详情

3.1 (cna)

HIGH

7.8

CVSS向量: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

机密性

HIGH

完整性

HIGH

可用性

HIGH

时间信息

发布时间:

2023-06-28 00:00:00

修改时间:

2024-08-02 09:05:34

创建时间:

2025-11-11 15:38:02

更新时间:

2025-11-11 15:58:03

利用信息

暂无可利用代码信息

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2023-20178`	2025-11-11 15:21:47	2025-11-11 07:38:02
NVD	`nvd_CVE-2023-20178`	2025-11-11 14:59:04	2025-11-11 07:46:12
CNNVD	`cnnvd_CNNVD-202306-612`	2025-11-11 15:11:13	2025-11-11 07:58:03

版本与语言

当前版本: v3

主要语言: EN

支持语言:

EN ZH

安全公告

暂无安全公告信息

变更历史

v3 CNNVD

2025-11-11 15:58:03

vulnerability_type: 未提取 → 其他; cnnvd_id: 未提取 → CNNVD-202306-612; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 其他
cnnvd_id: 未提取 -> CNNVD-202306-612
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:46:12

affected_products_count: 24 → 26; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

affected_products_count: 24 -> 26
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2023-20178 (CNNVD-202306-612)

中文标题:

Cisco AnyConnect Secure Mobility Client for Windows 安全漏洞

英文标题:

A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for...

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

3.1 (cna)

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史