How to update Secure Client UI version?

GC82 · ‎10-30-2023

Based on MS365 Defender i'm advised to update Cisco Secure Client to version 5.0.02075 or newer to fix CVE-2023-20178 vulnerability. I have then downloadet the cisco-secure-client-win-5.0.05040-predeploy-k9 package and installed the modules core-vpn and umbrella. My version numbers in Secure Client then updates to these versions:
AnyConnect VPN (5.0.05040)
Secure Client UI (5.0.00923) - no change
Secure Endpoint (8.2.1.21612)
Umbrella (5.0.05040)

But Secure Client UI does not update - how do i update the "base" UI module located here:
C:\Program Files (x86)\Cisco\Cisco Secure Client\UI\csc_ui.exe

MS365 Defender still detects the 5.0.00923 version after the core-vpn and umbrella updates.

Is this a false positive regarding the CVE-2023-20178 or have any of you managed to update the UI module to a newer version?

mleather · ‎04-12-2024

Same issue, except on the most recent update. All other modules are updated. This is really annoying and I can't find anything about how to resolve it. Only difference is that Defender is reporting it on this file path, not the actual Secure UI filepath, although the actual client application does show the old version.

Where we detected this software

File paths

C:\Program Files (x86)\Cisco\Cisco Secure Client\UmbrellaDiagnostic.exe

Detected version

5.1.1.0

Evidence Last found

Apr 12, 2024 5:20:29 AM

markalbacore · ‎04-26-2024

We are seeing the same, Secure Client UI is stuck at 5.1.0.1047

GC82 · ‎04-26-2024

I'm also up to 5.1.0.1047 wich came with an update til the VPN module - that i downloaded throug our Cisco Meraki solution.
So the module do gets an update now and then throung the VPN module.
Right now i still have a CVE-2024-20337 vulnability recarding the Cisco Secure Client but there is right now no known patch or update that fixes this. (There is also no known indication that the vulnerability is being exploited.)