Field Notice: FN74373 - Cisco Secure Client Zero Trust Access (ZTA) Agent – Potential Service Interruption Affecting Versions 5.1.8 - 5.1.12 - Software Upgrade Recommended

Available Languages

Updated:February 3, 2026
Document ID:FN74373

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

High
Impact Rating:
High
First Published:
2026-Feb-03
Last Published:
2026-Feb-03
Revision:
1.0
Cisco Bug IDs:

Notice

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Products Affected


Affected Software Product Affected Release Affected Release Number Comments
AnyConnect VPN Client Software 5 5.1.8.105, 5.1.9.113, 5.1.10.233, 5.1.11.388, 5.1.12.146  

Defect Information


Defect IDHeadline
CSCws30211Upgrading from a release affected by CSCws00283 fails since ZTA service cannot be terminated
CSCws00283Zero Trust Access module fails to start when trust bundle signing certificate has expired

Problem Description


Cisco Secure Client ZTA Agent releases 5.1.8 through 5.1.12 are affected by a known defect (CSCws00283) in the ZTA module that will cause the agent to fail on or after January 14, 2026. See the following table for specific dates for each release. 

Cisco Secure Client ZTA Agent Release (affects Windows, macOS, iOS, and Android) Date Zero Trust Access Will Stop Operating
5.1.8 November 20, 2025
5.1.9 January 14, 2026
5.1.10 January 14, 2026
5.1.11 June 4, 2026
5.1.12 June 4, 2026
 

This issue is due to an incorrect check of a code signing certificate expiration date. This defect affects Windows, macOS, iOS, and Android.

To ensure uninterrupted service, it is crucial to upgrade affected clients to the following releases as soon as possible:

  • Release 5.1.14 or later for Windows and macOS
  • Release 5.1.13 or later for iOS and Android

Background


In Cisco Secure Client ZTA Agent releases 5.1.8 through 5.1.12, the ZTA Agent contains an incorrect check of an expiration date for a code signing certificate. The two defects noted in this advisory will prevent the agent from starting once the date noted in the preceding table is reached on all operating systems. On Windows, the defects will also prevent uninstalling/upgrading the client at that same time.


Problem Symptom


CSCws00283 (affects all Operating Systems):

The following error will appear in the agent logs, indicating an incorrect code signing certificate expiration date check. Zero Trust Access will not operate. 

CMSBundle.cpp:140 CMSBundle::Verify() CMS_verify error: error:2E099064:CMS routines:cms_signerinfo_verify_cert:certificate verify error

As outlined in the table in the Problem Description section, the ZTA Agent on the listed releases will stop operating on the respective dates due to the noted defect. On Windows, you will no longer be able to uninstall/upgrade the client unless you are installing Release 5.1.14 or later or you follow the manual steps noted in the CSCws30211 Release Note enclosure.

CSCws30211 (Windows only):

Service Cisco Secure Client - Zero Trust Access Agent' (csc_zta_agent) could not be stopped. Verify that you have sufficient privileges to stop system services.

Workaround/Solution


Cisco strongly recommends planning and executing an upgrade for all ZTA Agents that are running Secure Client ZTA Agent releases 5.1.8 through 5.1.12 to the following releases as soon as possible:

  • Release 5.1.14 or later for Windows and macOS
  • Release 5.1.13 or later for iOS and Android

For detailed information and release notes, see Release Notes for Cisco Secure Client.

Please review your current ZTA Agent releases and the noted dates to determine your exposure and prioritize your upgrade plan.


Revision History


VersionDescriptionSectionDate
1.0Initial Release2026-FEB-03

For More Information

For further assistance or for more information about this field notice, contact the Cisco Technical Assistance Center (TAC) using one of the following methods:

Receive Email Notification About New Field Notices

To receive email updates about Field Notices (reliability and safety issues), Security Advisories (network security issues), and end-of-life announcements for specific Cisco products, set up a profile in My Notifications.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products