CVE-2024-20474

Published: Oct 23, 2024

Modified: Oct 23, 2024

PUBLISHED

CVSS v3.1

4.3

MEDIUM

Description

A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.

Vendor	Product	Versions
Cisco	Cisco Secure Client	affected `4.9.00086` affected `4.9.01095` affected `4.9.02028` affected `4.9.03047` affected `4.9.03049` +33 more versions

Weaknesses (CWE)

CWE-191

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

cisco-sa-csc-dos-XvPhM3bj

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-20474

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References