6.5
CVE-2024-20474
- EPSS 0.1%
- Published 23.10.2024 18:15:11
- Last modified 01.11.2024 18:14:56
- Source psirt@cisco.com
A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Anyconnect Secure Mobility Client Version 4.9.00086
Cisco ≫ Anyconnect Secure Mobility Client Version 4.9.01095
Cisco ≫ Anyconnect Secure Mobility Client Version 4.9.02028
Cisco ≫ Anyconnect Secure Mobility Client Version 4.9.03047
Cisco ≫ Anyconnect Secure Mobility Client Version 4.9.03049
Cisco ≫ Anyconnect Secure Mobility Client Version 4.9.04043
Cisco ≫ Anyconnect Secure Mobility Client Version 4.9.04053
Cisco ≫ Anyconnect Secure Mobility Client Version 4.9.05042
Cisco ≫ Anyconnect Secure Mobility Client Version 4.9.06037
Cisco ≫ Secure Client Version 4.10.00093
Cisco ≫ Secure Client Version 4.10.01075
Cisco ≫ Secure Client Version 4.10.02086
Cisco ≫ Secure Client Version 4.10.03104
Cisco ≫ Secure Client Version 4.10.04065
Cisco ≫ Secure Client Version 4.10.04071
Cisco ≫ Secure Client Version 4.10.05085
Cisco ≫ Secure Client Version 4.10.05095
Cisco ≫ Secure Client Version 4.10.05111
Cisco ≫ Secure Client Version 4.10.06079
Cisco ≫ Secure Client Version 4.10.06090
Cisco ≫ Secure Client Version 4.10.07061
Cisco ≫ Secure Client Version 4.10.07062
Cisco ≫ Secure Client Version 4.10.07073
Cisco ≫ Secure Client Version 4.10.08025
Cisco ≫ Secure Client Version 4.10.08029
Cisco ≫ Secure Client Version 5.0.00238
Cisco ≫ Secure Client Version 5.0.00529
Cisco ≫ Secure Client Version 5.0.00556
Cisco ≫ Secure Client Version 5.0.01242
Cisco ≫ Secure Client Version 5.0.02075
Cisco ≫ Secure Client Version 5.0.03072
Cisco ≫ Secure Client Version 5.0.03076
Cisco ≫ Secure Client Version 5.0.04032
Cisco ≫ Secure Client Version 5.0.05040
Cisco ≫ Secure Client Version 5.1.0.136
Cisco ≫ Secure Client Version 5.1.1.42
Cisco ≫ Secure Client Version 5.1.2.42
Cisco ≫ Secure Client Version 5.1.3.62
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.1% | 0.288 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
psirt@cisco.com | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
CWE-191 Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.