A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a symbolic link (symlink) to a target file on a specific path. A successful exploit could allow the attacker to corrupt the contents of the file. If the file is a critical systems file, the exploit could lead to a denial of service condition. To exploit this vulnerability, the attacker would need to have valid credentials on the system.

Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.

Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.

Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.

A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.

Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.

Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.

Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.