CVE-2024-20474
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco Secure Client | 4.9.00086 | affected |
| Cisco | Cisco Secure Client | 4.9.01095 | affected |
| Cisco | Cisco Secure Client | 4.9.02028 | affected |
| Cisco | Cisco Secure Client | 4.9.03047 | affected |
| Cisco | Cisco Secure Client | 4.9.03049 | affected |
| Cisco | Cisco Secure Client | 4.9.04043 | affected |
| Cisco | Cisco Secure Client | 4.9.04053 | affected |
| Cisco | Cisco Secure Client | 4.9.05042 | affected |
| Cisco | Cisco Secure Client | 4.9.06037 | affected |
| Cisco | Cisco Secure Client | 4.10.00093 | affected |
| Cisco | Cisco Secure Client | 4.10.01075 | affected |
| Cisco | Cisco Secure Client | 4.10.02086 | affected |
| Cisco | Cisco Secure Client | 4.10.03104 | affected |
| Cisco | Cisco Secure Client | 4.10.04065 | affected |
| Cisco | Cisco Secure Client | 4.10.04071 | affected |
| Cisco | Cisco Secure Client | 4.10.05085 | affected |
| Cisco | Cisco Secure Client | 4.10.05095 | affected |
| Cisco | Cisco Secure Client | 4.10.05111 | affected |
| Cisco | Cisco Secure Client | 4.10.06079 | affected |
| Cisco | Cisco Secure Client | 4.10.06090 | affected |
| Cisco | Cisco Secure Client | 4.10.07061 | affected |
| Cisco | Cisco Secure Client | 4.10.07062 | affected |
| Cisco | Cisco Secure Client | 4.10.07073 | affected |
| Cisco | Cisco Secure Client | 4.10.08025 | affected |
| Cisco | Cisco Secure Client | 4.10.08029 | affected |
| Cisco | Cisco Secure Client | 5.0.00238 | affected |
| Cisco | Cisco Secure Client | 5.0.00529 | affected |
| Cisco | Cisco Secure Client | 5.0.00556 | affected |
| Cisco | Cisco Secure Client | 5.0.01242 | affected |
| Cisco | Cisco Secure Client | 5.0.02075 | affected |
| Cisco | Cisco Secure Client | 5.0.03072 | affected |
| Cisco | Cisco Secure Client | 5.0.03076 | affected |
| Cisco | Cisco Secure Client | 5.0.04032 | affected |
| Cisco | Cisco Secure Client | 5.0.05040 | affected |
| Cisco | Cisco Secure Client | 5.1.0.136 | affected |
| Cisco | Cisco Secure Client | 5.1.1.42 | affected |
| Cisco | Cisco Secure Client | 5.1.2.42 | affected |
| Cisco | Cisco Secure Client | 5.1.3.62 | affected |
Weaknesses
- CWE-191: Integer Underflow (Wrap or Wraparound)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.