CVE-2024-20474 — Integer Underflow (Wrap or Wraparound) in Cisco Secure Client

CWE-191 — Integer Underflow (Wrap or Wraparound)4 documents4 sources

Severity

6.5MEDIUMNVD

CNA4.3

EPSS

0.6%

top 30.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Client Cisco Anyconnect Secure Mobility Client Cisco Secure Client

Timeline

PublishedOct 23

Description

A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on th…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDcisco/anyconnect_secure_mobility_client9 versions+8

▶NVDcisco/secure_client29 versions+28

▶CVEListV5cisco/cisco_secure_client38 versions+37

🔴Vulnerability Details

CVEList

CVE-2024-20474: A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker↗2024-10-23

▶

GHSA

GHSA-f5rp-4vg3-xcrx: A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker↗2024-10-23

▶

📋Vendor Advisories

Cisco

Cisco Secure Client Software Denial of Service Vulnerability↗2024-10-23

▶