Ncp Network Communications
Products
3- 9 CVEs
- 8 CVEs
- 2 CVEs
Recent CVEs
17| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-25281 | Hig | 0.51 | 7.8 | 0.00 | Feb 5, 2026 | NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject… | ||
| CVE-2025-26155 | 0.00 | — | 0.01 | Nov 26, 2025 | NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability. | |||
| CVE-2024-20337 | 0.00 | — | 0.30 | Mar 6, 2024 | A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied… | |||
| CVE-2024-20338 | 0.00 | — | 0.01 | Mar 6, 2024 | A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to the use of an uncontrolled search path element. An attacker could… | |||
| CVE-2023-28872 | 0.00 | — | 0.01 | Dec 25, 2023 | Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location. | |||
| CVE-2023-28870 | 0.00 | — | 0.01 | Dec 9, 2023 | Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts. | |||
| CVE-2023-28868 | 0.00 | — | 0.01 | Dec 9, 2023 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link. | |||
| CVE-2023-28871 | 0.00 | — | 0.01 | Dec 9, 2023 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link. | |||
| CVE-2023-28869 | 0.00 | — | 0.01 | Dec 9, 2023 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link. | |||
| CVE-2020-11474 | 0.00 | — | 0.01 | Jul 28, 2020 | NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant. | |||
| CVE-2010-5203 | 0.00 | — | 0.00 | Sep 6, 2012 | Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse (1) dvccsabase002.dll,… | |||
| CVE-2006-3551 | 0.00 | — | 0.00 | Jul 13, 2006 | NCP Secure Enterprise Client (aka VPN/PKI client) 8.30 Build 59, and possibly earlier versions, when the Link Firewall and Personal Firewall are both configured to block all inbound and outbound network traffic, allows context-dependent attackers to send inbound UDP traffic with… | |||
| CVE-2006-0968 | 0.00 | — | 0.00 | Mar 2, 2006 | The ncprwsnt service in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to execute arbitrary code by modifying the connect.bat script, which is automatically executed by the service after a connection is established. | |||
| CVE-2006-0966 | 0.00 | — | 0.00 | Mar 2, 2006 | NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a large number of arguments to ncprwsnt.exe, possibly due to a buffer overflow. | |||
| CVE-2006-0965 | 0.00 | — | 0.00 | Mar 2, 2006 | NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass security protections and configure privileged options via a long argument to ncpmon.exe, which provides access to alternate privileged menus, possibly due to a… | |||
| CVE-2006-0964 | 0.00 | — | 0.00 | Mar 2, 2006 | Client Firewall in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass firewall program execution rules by replacing an allowed program with an arbitrary program. | |||
| CVE-2006-0967 | 0.00 | — | 0.00 | Mar 2, 2006 | NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (memory usage and cpu utilization) via a flood of arbitrary UDP datagrams to ports 0 to 65000. NOTE: this issue was reported as a buffer overflow,… |
- risk 0.51cvss 7.8epss 0.00
NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject…
- CVE-2025-26155Nov 26, 2025risk 0.00cvss —epss 0.01
NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability.
- CVE-2024-20337Mar 6, 2024risk 0.00cvss —epss 0.30
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied…
- CVE-2024-20338Mar 6, 2024risk 0.00cvss —epss 0.01
A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to the use of an uncontrolled search path element. An attacker could…
- CVE-2023-28872Dec 25, 2023risk 0.00cvss —epss 0.01
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location.
- CVE-2023-28870Dec 9, 2023risk 0.00cvss —epss 0.01
Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts.
- CVE-2023-28868Dec 9, 2023risk 0.00cvss —epss 0.01
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link.
- CVE-2023-28871Dec 9, 2023risk 0.00cvss —epss 0.01
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link.
- CVE-2023-28869Dec 9, 2023risk 0.00cvss —epss 0.01
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link.
- CVE-2020-11474Jul 28, 2020risk 0.00cvss —epss 0.01
NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant.
- CVE-2010-5203Sep 6, 2012risk 0.00cvss —epss 0.00
Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse (1) dvccsabase002.dll,…
- CVE-2006-3551Jul 13, 2006risk 0.00cvss —epss 0.00
NCP Secure Enterprise Client (aka VPN/PKI client) 8.30 Build 59, and possibly earlier versions, when the Link Firewall and Personal Firewall are both configured to block all inbound and outbound network traffic, allows context-dependent attackers to send inbound UDP traffic with…
- CVE-2006-0968Mar 2, 2006risk 0.00cvss —epss 0.00
The ncprwsnt service in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to execute arbitrary code by modifying the connect.bat script, which is automatically executed by the service after a connection is established.
- CVE-2006-0966Mar 2, 2006risk 0.00cvss —epss 0.00
NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a large number of arguments to ncprwsnt.exe, possibly due to a buffer overflow.
- CVE-2006-0965Mar 2, 2006risk 0.00cvss —epss 0.00
NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass security protections and configure privileged options via a long argument to ncpmon.exe, which provides access to alternate privileged menus, possibly due to a…
- CVE-2006-0964Mar 2, 2006risk 0.00cvss —epss 0.00
Client Firewall in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass firewall program execution rules by replacing an allowed program with an arbitrary program.
- CVE-2006-0967Mar 2, 2006risk 0.00cvss —epss 0.00
NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (memory usage and cpu utilization) via a flood of arbitrary UDP datagrams to ports 0 to 65000. NOTE: this issue was reported as a buffer overflow,…