5.5

CVE-2023-20240

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.

Data is provided by the National Vulnerability Database (NVD)
Cisco Secure Client Version 4.10.00093
Cisco Secure Client Version 4.10.01075
Cisco Secure Client Version 4.10.02086
Cisco Secure Client Version 4.10.03104
Cisco Secure Client Version 4.10.04065
Cisco Secure Client Version 4.10.04071
Cisco Secure Client Version 4.10.05085
Cisco Secure Client Version 4.10.05095
Cisco Secure Client Version 4.10.05111
Cisco Secure Client Version 4.10.06079
Cisco Secure Client Version 4.10.06090
Cisco Secure Client Version 4.10.07061
Cisco Secure Client Version 4.10.07062
Cisco Secure Client Version 4.10.07073
Cisco Secure Client Version 5.0.00238
Cisco Secure Client Version 5.0.00529
Cisco Secure Client Version 5.0.00556
Cisco Secure Client Version 5.0.01242
Cisco Secure Client Version 5.0.02075
Cisco Secure Client Version 5.0.03072
Cisco Secure Client Version 5.0.03076
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.063
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.5 1.8 3.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
psirt@cisco.com 5.5 1.8 3.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.