// For flags

CVE-2023-20240

 

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.

Múltiples vulnerabilidades en Cisco Secure Client Software, anteriormente AnyConnect Secure Mobility Client, podrían permitir que un atacante local autenticado cause una condición de denegación de servicio (DoS) en un sistema afectado. Estas vulnerabilidades se deben a una lectura de memoria fuera de los límites de Cisco Secure Client Software. Un atacante podría aprovechar estas vulnerabilidades iniciando sesión en un dispositivo afectado al mismo tiempo que otro usuario accede a Cisco Secure Client en el mismo sistema y luego enviando paquetes manipulados a un puerto en ese host local. Un exploit exitoso podría permitir al atacante bloquear el servicio del Agente VPN, provocando que no esté disponible para todos los usuarios del sistema. Para explotar estas vulnerabilidades, el atacante debe tener credenciales válidas en un sistema multiusuario.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-10-27 CVE Reserved
  • 2023-11-22 CVE Published
  • 2023-11-23 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-125: Out-of-bounds Read
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Anyconnect Secure Mobility Client
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client"
4.9.00086
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9.00086"
-
Affected
Cisco
Search vendor "Cisco"
Anyconnect Secure Mobility Client
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client"
4.9.01095
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9.01095"
-
Affected
Cisco
Search vendor "Cisco"
Anyconnect Secure Mobility Client
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client"
4.9.02028
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9.02028"
-
Affected
Cisco
Search vendor "Cisco"
Anyconnect Secure Mobility Client
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client"
4.9.03047
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9.03047"
-
Affected
Cisco
Search vendor "Cisco"
Anyconnect Secure Mobility Client
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client"
4.9.03049
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9.03049"
-
Affected
Cisco
Search vendor "Cisco"
Anyconnect Secure Mobility Client
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client"
4.9.04043
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9.04043"
-
Affected
Cisco
Search vendor "Cisco"
Anyconnect Secure Mobility Client
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client"
4.9.04053
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9.04053"
-
Affected
Cisco
Search vendor "Cisco"
Anyconnect Secure Mobility Client
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client"
4.9.05042
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9.05042"
-
Affected
Cisco
Search vendor "Cisco"
Anyconnect Secure Mobility Client
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client"
4.9.06037
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9.06037"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
4.10.00093
Search vendor "Cisco" for product "Secure Client" and version "4.10.00093"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
4.10.01075
Search vendor "Cisco" for product "Secure Client" and version "4.10.01075"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
4.10.02086
Search vendor "Cisco" for product "Secure Client" and version "4.10.02086"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
4.10.03104
Search vendor "Cisco" for product "Secure Client" and version "4.10.03104"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
4.10.04065
Search vendor "Cisco" for product "Secure Client" and version "4.10.04065"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
4.10.04071
Search vendor "Cisco" for product "Secure Client" and version "4.10.04071"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
4.10.05085
Search vendor "Cisco" for product "Secure Client" and version "4.10.05085"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
4.10.05095
Search vendor "Cisco" for product "Secure Client" and version "4.10.05095"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
4.10.05111
Search vendor "Cisco" for product "Secure Client" and version "4.10.05111"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
4.10.06079
Search vendor "Cisco" for product "Secure Client" and version "4.10.06079"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
4.10.06090
Search vendor "Cisco" for product "Secure Client" and version "4.10.06090"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
4.10.07061
Search vendor "Cisco" for product "Secure Client" and version "4.10.07061"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
4.10.07062
Search vendor "Cisco" for product "Secure Client" and version "4.10.07062"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
4.10.07073
Search vendor "Cisco" for product "Secure Client" and version "4.10.07073"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
5.0.00238
Search vendor "Cisco" for product "Secure Client" and version "5.0.00238"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
5.0.00529
Search vendor "Cisco" for product "Secure Client" and version "5.0.00529"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
5.0.00556
Search vendor "Cisco" for product "Secure Client" and version "5.0.00556"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
5.0.01242
Search vendor "Cisco" for product "Secure Client" and version "5.0.01242"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
5.0.02075
Search vendor "Cisco" for product "Secure Client" and version "5.0.02075"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
5.0.03072
Search vendor "Cisco" for product "Secure Client" and version "5.0.03072"
-
Affected
Cisco
Search vendor "Cisco"
Secure Client
Search vendor "Cisco" for product "Secure Client"
5.0.03076
Search vendor "Cisco" for product "Secure Client" and version "5.0.03076"
-
Affected