A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client.
This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software.
Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.
References
Link | Resource |
---|---|
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csc-dos-XvPhM3bj | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
01 Nov 2024, 18:14
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:cisco:secure_client:5.0.00238:*:*:*:*:*:*:* cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.01095:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.01075:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.07062:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.0.03072:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.06090:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.0.05040:*:*:*:*:*:*:* cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.04043:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.04065:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.0.04032:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.07073:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.00093:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.1.3.62:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.02086:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.05111:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.08025:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.04071:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.0.03076:*:*:*:*:*:*:* cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.04053:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.03104:*:*:*:*:*:*:* cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.03049:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.0.00529:*:*:*:*:*:*:* cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.02028:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.07061:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.06079:*:*:*:*:*:*:* cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.00086:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.1.0.136:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.05085:*:*:*:*:*:*:* cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.05042:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.05095:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.08029:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.0.02075:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.1.1.42:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.1.2.42:*:*:*:*:*:*:* cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.03047:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.0.01242:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.0.00556:*:*:*:*:*:*:* cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.06037:*:*:*:*:*:*:* |
|
First Time |
Cisco
Cisco anyconnect Secure Mobility Client Cisco secure Client |
|
References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csc-dos-XvPhM3bj - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
25 Oct 2024, 12:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
23 Oct 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-23 18:15
Updated : 2024-11-01 18:14
NVD link : CVE-2024-20474
Mitre link : CVE-2024-20474
CVE.ORG link : CVE-2024-20474
JSON object : View
Products Affected
cisco
- secure_client
- anyconnect_secure_mobility_client
CWE
CWE-191
Integer Underflow (Wrap or Wraparound)