CVE-2024-20474
MEDIUM EPSS 43.0%
Published Oct 23, 2024 (1y ago) · Modified Jun 17, 2026 (2w ago)
6.5 CVSS 3.1
Description
A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
43.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-191
Affected Products 38
| Vendor | Product | Version | Range |
|---|---|---|---|
| cisco | anyconnect_secure_mobility_client | 4.9.00086 | any |
| cisco | anyconnect_secure_mobility_client | 4.9.01095 | any |
| cisco | anyconnect_secure_mobility_client | 4.9.02028 | any |
| cisco | anyconnect_secure_mobility_client | 4.9.03047 | any |
| cisco | anyconnect_secure_mobility_client | 4.9.03049 | any |
| cisco | anyconnect_secure_mobility_client | 4.9.04043 | any |
| cisco | anyconnect_secure_mobility_client | 4.9.04053 | any |
| cisco | anyconnect_secure_mobility_client | 4.9.05042 | any |
| cisco | anyconnect_secure_mobility_client | 4.9.06037 | any |
| cisco | secure_client | 4.10.00093 | any |
| cisco | secure_client | 4.10.01075 | any |
| cisco | secure_client | 4.10.02086 | any |
| cisco | secure_client | 4.10.03104 | any |
| cisco | secure_client | 4.10.04065 | any |
| cisco | secure_client | 4.10.04071 | any |
| cisco | secure_client | 4.10.05085 | any |
| cisco | secure_client | 4.10.05095 | any |
| cisco | secure_client | 4.10.05111 | any |
| cisco | secure_client | 4.10.06079 | any |
| cisco | secure_client | 4.10.06090 | any |
| cisco | secure_client | 4.10.07061 | any |
| cisco | secure_client | 4.10.07062 | any |
| cisco | secure_client | 4.10.07073 | any |
| cisco | secure_client | 4.10.08025 | any |
| cisco | secure_client | 4.10.08029 | any |
| cisco | secure_client | 5.0.00238 | any |
| cisco | secure_client | 5.0.00529 | any |
| cisco | secure_client | 5.0.00556 | any |
| cisco | secure_client | 5.0.01242 | any |
| cisco | secure_client | 5.0.02075 | any |
| cisco | secure_client | 5.0.03072 | any |
| cisco | secure_client | 5.0.03076 | any |
| cisco | secure_client | 5.0.04032 | any |
| cisco | secure_client | 5.0.05040 | any |
| cisco | secure_client | 5.1.0.136 | any |
| cisco | secure_client | 5.1.1.42 | any |
| cisco | secure_client | 5.1.2.42 | any |
| cisco | secure_client | 5.1.3.62 | any |
References 1
- sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csc-dos-XvPhM3bj
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.