CVE-2023-20240

CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 90.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Secure Client Cisco Anyconnect Secure Mobility Client Cisco Secure Client

Timeline

PublishedNov 22

Description

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDcisco/anyconnect_secure_mobility_client9 versions+8

▶NVDcisco/secure_client21 versions+20

▶CVEListV5cisco/cisco_secure_client30 versions+29

🔴Vulnerability Details

GHSA

GHSA-qwhq-2jqj-q642: Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to↗2023-11-22

▶

CVEList

CVE-2023-20240: Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to↗2023-11-22

▶

📋Vendor Advisories

Cisco

Cisco Secure Client Software Denial of Service Vulnerabilities↗2023-11-15

▶