CVE-2024-20474

MEDIUM · CVSS 3.1: 6.5 · EPSS 43.0%
Published Oct 23, 2024 · Modified Jun 17, 2026

Description

A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.

CVSS Details

Base Score 6.5
Exploitability 2.8
Impact 3.6
Vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
43.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-191

Affected Products 38

Vendor  Product                            Version     Range
cisco   anyconnect_secure_mobility_client  4.9.00086   any
cisco   anyconnect_secure_mobility_client  4.9.01095   any
cisco   anyconnect_secure_mobility_client  4.9.02028   any
cisco   anyconnect_secure_mobility_client  4.9.03047   any
cisco   anyconnect_secure_mobility_client  4.9.03049   any
cisco   anyconnect_secure_mobility_client  4.9.04043   any
cisco   anyconnect_secure_mobility_client  4.9.04053   any
cisco   anyconnect_secure_mobility_client  4.9.05042   any
cisco   anyconnect_secure_mobility_client  4.9.06037   any
cisco   secure_client                      4.10.00093  any
cisco   secure_client                      4.10.01075  any
cisco   secure_client                      4.10.02086  any
cisco   secure_client                      4.10.03104  any
cisco   secure_client                      4.10.04065  any
cisco   secure_client                      4.10.04071  any
cisco   secure_client                      4.10.05085  any
cisco   secure_client                      4.10.05095  any
cisco   secure_client                      4.10.05111  any
cisco   secure_client                      4.10.06079  any
cisco   secure_client                      4.10.06090  any
cisco   secure_client                      4.10.07061  any
cisco   secure_client                      4.10.07062  any
cisco   secure_client                      4.10.07073  any
cisco   secure_client                      4.10.08025  any
cisco   secure_client                      4.10.08029  any
cisco   secure_client                      5.0.00238   any
cisco   secure_client                      5.0.00529   any
cisco   secure_client                      5.0.00556   any
cisco   secure_client                      5.0.01242   any
cisco   secure_client                      5.0.02075   any
cisco   secure_client                      5.0.03072   any
cisco   secure_client                      5.0.03076   any
cisco   secure_client                      5.0.04032   any
cisco   secure_client                      5.0.05040   any
cisco   secure_client                      5.1.0.136   any
cisco   secure_client                      5.1.1.42    any
cisco   secure_client                      5.1.2.42    any
cisco   secure_client                      5.1.3.62    any

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csc-dos-XvPhM3bj
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.