Out-of-bounds

2023-11-2217:15:00

PRIOn knowledge base

www.prio-n.com

cisco secure client

dos

vulnerabilities

crafted packets

out-of-bounds

multi-user

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.

CPENameOperatorVersion
anyconnect_secure_mobility_clienteq4.9.00086
anyconnect_secure_mobility_clienteq4.9.01095
anyconnect_secure_mobility_clienteq4.9.02028
anyconnect_secure_mobility_clienteq4.9.03047
anyconnect_secure_mobility_clienteq4.9.03049
anyconnect_secure_mobility_clienteq4.9.04043
anyconnect_secure_mobility_clienteq4.9.04053
anyconnect_secure_mobility_clienteq4.9.05042
anyconnect_secure_mobility_clienteq4.9.06037
secure_clienteq4.10.00093

Name	Operator	Version
anyconnect_secure_mobility_client	eq	4.9.00086
anyconnect_secure_mobility_client	eq	4.9.01095
anyconnect_secure_mobility_client	eq	4.9.02028
anyconnect_secure_mobility_client	eq	4.9.03047
anyconnect_secure_mobility_client	eq	4.9.03049
anyconnect_secure_mobility_client	eq	4.9.04043
anyconnect_secure_mobility_client	eq	4.9.04053
anyconnect_secure_mobility_client	eq	4.9.05042
anyconnect_secure_mobility_client	eq	4.9.06037
secure_client	eq	4.10.00093