Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-20241

Published: 22/11/2023 Updated: 25/01/2024
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Anyconnect Secure Mobility Client

Vulnerability Summary

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local malicious user to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the malicious user to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco anyconnect secure mobility client 4.9.00086

cisco anyconnect secure mobility client 4.9.01095

cisco anyconnect secure mobility client 4.9.02028

cisco anyconnect secure mobility client 4.9.03047

cisco anyconnect secure mobility client 4.9.03049

cisco anyconnect secure mobility client 4.9.04043

cisco anyconnect secure mobility client 4.9.04053

cisco anyconnect secure mobility client 4.9.05042

cisco anyconnect secure mobility client 4.9.06037

cisco secure client 4.10.00093

cisco secure client 4.10.01075

cisco secure client 4.10.02086

cisco secure client 4.10.03104

cisco secure client 4.10.04065

cisco secure client 4.10.04071

cisco secure client 4.10.05085

cisco secure client 4.10.05095

cisco secure client 4.10.05111

cisco secure client 4.10.06079

cisco secure client 4.10.06090

cisco secure client 4.10.07061

cisco secure client 4.10.07062

cisco secure client 4.10.07073

cisco secure client 5.0.00238

cisco secure client 5.0.00529

cisco secure client 5.0.00556

cisco secure client 5.0.01242

cisco secure client 5.0.02075

cisco secure client 5.0.03072

cisco secure client 5.0.03076

Vendor Advisories

Cisco: Cisco Secure Client Software Denial of Service Vulnerabilities
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software An attacker could exploit these vulner ...

References

CWE-125https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8https://nvd.nist.govhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook