Lucene search

K
cve[email protected]CVE-2023-20240
HistoryNov 22, 2023 - 5:15 p.m.

CVE-2023-20240

2023-11-2217:15:18
CWE-125
web.nvd.nist.gov
41
cisco
secure client
anyconnect
mobility client
vulnerability
dos
denial of service
nvd
cve-2023-20240

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.

Affected configurations

NVD
Node
ciscoanyconnect_secure_mobility_clientMatch4.9.00086
OR
ciscoanyconnect_secure_mobility_clientMatch4.9.01095
OR
ciscoanyconnect_secure_mobility_clientMatch4.9.02028
OR
ciscoanyconnect_secure_mobility_clientMatch4.9.03047
OR
ciscoanyconnect_secure_mobility_clientMatch4.9.03049
OR
ciscoanyconnect_secure_mobility_clientMatch4.9.04043
OR
ciscoanyconnect_secure_mobility_clientMatch4.9.04053
OR
ciscoanyconnect_secure_mobility_clientMatch4.9.05042
OR
ciscoanyconnect_secure_mobility_clientMatch4.9.06037
Node
ciscosecure_clientMatch4.10.00093
OR
ciscosecure_clientMatch4.10.01075
OR
ciscosecure_clientMatch4.10.02086
OR
ciscosecure_clientMatch4.10.03104
OR
ciscosecure_clientMatch4.10.04065
OR
ciscosecure_clientMatch4.10.04071
OR
ciscosecure_clientMatch4.10.05085
OR
ciscosecure_clientMatch4.10.05095
OR
ciscosecure_clientMatch4.10.05111
OR
ciscosecure_clientMatch4.10.06079
OR
ciscosecure_clientMatch4.10.06090
OR
ciscosecure_clientMatch4.10.07061
OR
ciscosecure_clientMatch4.10.07062
OR
ciscosecure_clientMatch4.10.07073
OR
ciscosecure_clientMatch5.0.00238
OR
ciscosecure_clientMatch5.0.00529
OR
ciscosecure_clientMatch5.0.00556
OR
ciscosecure_clientMatch5.0.01242
OR
ciscosecure_clientMatch5.0.02075
OR
ciscosecure_clientMatch5.0.03072
OR
ciscosecure_clientMatch5.0.03076

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Secure Client",
    "versions": [
      {
        "version": "4.9.00086",
        "status": "affected"
      },
      {
        "version": "4.9.01095",
        "status": "affected"
      },
      {
        "version": "4.9.02028",
        "status": "affected"
      },
      {
        "version": "4.9.03047",
        "status": "affected"
      },
      {
        "version": "4.9.03049",
        "status": "affected"
      },
      {
        "version": "4.9.04043",
        "status": "affected"
      },
      {
        "version": "4.9.04053",
        "status": "affected"
      },
      {
        "version": "4.9.05042",
        "status": "affected"
      },
      {
        "version": "4.9.06037",
        "status": "affected"
      },
      {
        "version": "4.10.00093",
        "status": "affected"
      },
      {
        "version": "4.10.01075",
        "status": "affected"
      },
      {
        "version": "4.10.02086",
        "status": "affected"
      },
      {
        "version": "4.10.03104",
        "status": "affected"
      },
      {
        "version": "4.10.04065",
        "status": "affected"
      },
      {
        "version": "4.10.04071",
        "status": "affected"
      },
      {
        "version": "4.10.05085",
        "status": "affected"
      },
      {
        "version": "4.10.05095",
        "status": "affected"
      },
      {
        "version": "4.10.05111",
        "status": "affected"
      },
      {
        "version": "4.10.06079",
        "status": "affected"
      },
      {
        "version": "4.10.06090",
        "status": "affected"
      },
      {
        "version": "4.10.07061",
        "status": "affected"
      },
      {
        "version": "4.10.07062",
        "status": "affected"
      },
      {
        "version": "4.10.07073",
        "status": "affected"
      },
      {
        "version": "5.0.00238",
        "status": "affected"
      },
      {
        "version": "5.0.00529",
        "status": "affected"
      },
      {
        "version": "5.0.00556",
        "status": "affected"
      },
      {
        "version": "5.0.01242",
        "status": "affected"
      },
      {
        "version": "5.0.02075",
        "status": "affected"
      },
      {
        "version": "5.0.03072",
        "status": "affected"
      },
      {
        "version": "5.0.03076",
        "status": "affected"
      }
    ]
  }
]

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for CVE-2023-20240