Lucene search

[email protected]CVE-2023-20240

HistoryNov 22, 2023 - 5:15 p.m.

CVE-2023-20240

2023-11-2217:15:18

CWE-125

[email protected]

web.nvd.nist.gov

cisco

secure client

anyconnect

mobility client

vulnerability

dos

denial of service

nvd

cve-2023-20240

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.

Affected configurations

NVD

Node

ciscoanyconnect_secure_mobility_clientMatch4.9.00086

ciscoanyconnect_secure_mobility_clientMatch4.9.01095

ciscoanyconnect_secure_mobility_clientMatch4.9.02028

ciscoanyconnect_secure_mobility_clientMatch4.9.03047

ciscoanyconnect_secure_mobility_clientMatch4.9.03049

ciscoanyconnect_secure_mobility_clientMatch4.9.04043

ciscoanyconnect_secure_mobility_clientMatch4.9.04053

ciscoanyconnect_secure_mobility_clientMatch4.9.05042

ciscoanyconnect_secure_mobility_clientMatch4.9.06037

Node

ciscosecure_clientMatch4.10.00093

ciscosecure_clientMatch4.10.01075

ciscosecure_clientMatch4.10.02086

ciscosecure_clientMatch4.10.03104

ciscosecure_clientMatch4.10.04065

ciscosecure_clientMatch4.10.04071

ciscosecure_clientMatch4.10.05085

ciscosecure_clientMatch4.10.05095

ciscosecure_clientMatch4.10.05111

ciscosecure_clientMatch4.10.06079

ciscosecure_clientMatch4.10.06090

ciscosecure_clientMatch4.10.07061

ciscosecure_clientMatch4.10.07062

ciscosecure_clientMatch4.10.07073

ciscosecure_clientMatch5.0.00238

ciscosecure_clientMatch5.0.00529

ciscosecure_clientMatch5.0.00556

ciscosecure_clientMatch5.0.01242

ciscosecure_clientMatch5.0.02075

ciscosecure_clientMatch5.0.03072

ciscosecure_clientMatch5.0.03076

CPENameOperatorVersion
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.9.00086
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.9.01095
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.9.02028
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.9.03047
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.9.03049
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.9.04043
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.9.04053
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.9.05042
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.9.06037

CPE	Name	Operator	Version
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.9.00086
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.9.01095
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.9.02028
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.9.03047
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.9.03049
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.9.04043
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.9.04053
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.9.05042
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.9.06037

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Secure Client",
    "versions": [
      {
        "version": "4.9.00086",
        "status": "affected"
      },
      {
        "version": "4.9.01095",
        "status": "affected"
      },
      {
        "version": "4.9.02028",
        "status": "affected"
      },
      {
        "version": "4.9.03047",
        "status": "affected"
      },
      {
        "version": "4.9.03049",
        "status": "affected"
      },
      {
        "version": "4.9.04043",
        "status": "affected"
      },
      {
        "version": "4.9.04053",
        "status": "affected"
      },
      {
        "version": "4.9.05042",
        "status": "affected"
      },
      {
        "version": "4.9.06037",
        "status": "affected"
      },
      {
        "version": "4.10.00093",
        "status": "affected"
      },
      {
        "version": "4.10.01075",
        "status": "affected"
      },
      {
        "version": "4.10.02086",
        "status": "affected"
      },
      {
        "version": "4.10.03104",
        "status": "affected"
      },
      {
        "version": "4.10.04065",
        "status": "affected"
      },
      {
        "version": "4.10.04071",
        "status": "affected"
      },
      {
        "version": "4.10.05085",
        "status": "affected"
      },
      {
        "version": "4.10.05095",
        "status": "affected"
      },
      {
        "version": "4.10.05111",
        "status": "affected"
      },
      {
        "version": "4.10.06079",
        "status": "affected"
      },
      {
        "version": "4.10.06090",
        "status": "affected"
      },
      {
        "version": "4.10.07061",
        "status": "affected"
      },
      {
        "version": "4.10.07062",
        "status": "affected"
      },
      {
        "version": "4.10.07073",
        "status": "affected"
      },
      {
        "version": "5.0.00238",
        "status": "affected"
      },
      {
        "version": "5.0.00529",
        "status": "affected"
      },
      {
        "version": "5.0.00556",
        "status": "affected"
      },
      {
        "version": "5.0.01242",
        "status": "affected"
      },
      {
        "version": "5.0.02075",
        "status": "affected"
      },
      {
        "version": "5.0.03072",
        "status": "affected"
      },
      {
        "version": "5.0.03076",
        "status": "affected"
      }
    ]
  }
]