CVE-2023-20241
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.
These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.
Múltiples vulnerabilidades en Cisco Secure Client Software, anteriormente AnyConnect Secure Mobility Client, podrían permitir que un atacante local autenticado cause una condición de denegación de servicio (DoS) en un sistema afectado. Estas vulnerabilidades se deben a una lectura de memoria fuera de los límites de Cisco Secure Client Software. Un atacante podría aprovechar estas vulnerabilidades iniciando sesión en un dispositivo afectado al mismo tiempo que otro usuario accede a Cisco Secure Client en el mismo sistema y luego enviando paquetes manipulados a un puerto en ese host local. Un exploit exitoso podría permitir al atacante bloquear el servicio del Agente VPN, provocando que no esté disponible para todos los usuarios del sistema. Para explotar estas vulnerabilidades, el atacante debe tener credenciales válidas en un sistema multiusuario.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-10-27 CVE Reserved
- 2023-11-22 CVE Published
- 2023-11-23 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Anyconnect Secure Mobility Client Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" | 4.9.00086 Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9.00086" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Anyconnect Secure Mobility Client Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" | 4.9.01095 Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9.01095" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Anyconnect Secure Mobility Client Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" | 4.9.02028 Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9.02028" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Anyconnect Secure Mobility Client Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" | 4.9.03047 Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9.03047" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Anyconnect Secure Mobility Client Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" | 4.9.03049 Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9.03049" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Anyconnect Secure Mobility Client Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" | 4.9.04043 Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9.04043" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Anyconnect Secure Mobility Client Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" | 4.9.04053 Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9.04053" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Anyconnect Secure Mobility Client Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" | 4.9.05042 Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9.05042" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Anyconnect Secure Mobility Client Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" | 4.9.06037 Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9.06037" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 4.10.00093 Search vendor "Cisco" for product "Secure Client" and version "4.10.00093" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 4.10.01075 Search vendor "Cisco" for product "Secure Client" and version "4.10.01075" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 4.10.02086 Search vendor "Cisco" for product "Secure Client" and version "4.10.02086" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 4.10.03104 Search vendor "Cisco" for product "Secure Client" and version "4.10.03104" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 4.10.04065 Search vendor "Cisco" for product "Secure Client" and version "4.10.04065" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 4.10.04071 Search vendor "Cisco" for product "Secure Client" and version "4.10.04071" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 4.10.05085 Search vendor "Cisco" for product "Secure Client" and version "4.10.05085" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 4.10.05095 Search vendor "Cisco" for product "Secure Client" and version "4.10.05095" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 4.10.05111 Search vendor "Cisco" for product "Secure Client" and version "4.10.05111" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 4.10.06079 Search vendor "Cisco" for product "Secure Client" and version "4.10.06079" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 4.10.06090 Search vendor "Cisco" for product "Secure Client" and version "4.10.06090" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 4.10.07061 Search vendor "Cisco" for product "Secure Client" and version "4.10.07061" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 4.10.07062 Search vendor "Cisco" for product "Secure Client" and version "4.10.07062" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 4.10.07073 Search vendor "Cisco" for product "Secure Client" and version "4.10.07073" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 5.0.00238 Search vendor "Cisco" for product "Secure Client" and version "5.0.00238" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 5.0.00529 Search vendor "Cisco" for product "Secure Client" and version "5.0.00529" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 5.0.00556 Search vendor "Cisco" for product "Secure Client" and version "5.0.00556" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 5.0.01242 Search vendor "Cisco" for product "Secure Client" and version "5.0.01242" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 5.0.02075 Search vendor "Cisco" for product "Secure Client" and version "5.0.02075" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 5.0.03072 Search vendor "Cisco" for product "Secure Client" and version "5.0.03072" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Client Search vendor "Cisco" for product "Secure Client" | 5.0.03076 Search vendor "Cisco" for product "Secure Client" and version "5.0.03076" | - |
Affected
| ||||||