Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2023-20241

Disclosure Date: November 22, 2023
CVE-2023-20241 CVSS v3 Base Score: 5.5
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.

These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
5.5 Medium
Impact Score:
3.6
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Cisco Secure Client 4.9.00086
Cisco Secure Client 4.9.01095
Cisco Secure Client 4.9.02028
Cisco Secure Client 4.9.03047
Cisco Secure Client 4.9.03049
Cisco Secure Client 4.9.04043
Cisco Secure Client 4.9.04053
Cisco Secure Client 4.9.05042
Cisco Secure Client 4.9.06037
Cisco Secure Client 4.10.00093
Cisco Secure Client 4.10.01075
Cisco Secure Client 4.10.02086
Cisco Secure Client 4.10.03104
Cisco Secure Client 4.10.04065
Cisco Secure Client 4.10.04071
Cisco Secure Client 4.10.05085
Cisco Secure Client 4.10.05095
Cisco Secure Client 4.10.05111
Cisco Secure Client 4.10.06079
Cisco Secure Client 4.10.06090
Cisco Secure Client 4.10.07061
Cisco Secure Client 4.10.07062
Cisco Secure Client 4.10.07073
Cisco Secure Client 5.0.00238
Cisco Secure Client 5.0.00529
Cisco Secure Client 5.0.00556
Cisco Secure Client 5.0.01242
Cisco Secure Client 5.0.02075
Cisco Secure Client 5.0.03072
Cisco Secure Client 5.0.03076
Cisco Secure Client 5.0.04032
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • cisco

Products

  • anyconnect secure mobility client 4.9.00086,
  • anyconnect secure mobility client 4.9.01095,
  • anyconnect secure mobility client 4.9.02028,
  • anyconnect secure mobility client 4.9.03047,
  • anyconnect secure mobility client 4.9.03049,
  • anyconnect secure mobility client 4.9.04043,
  • anyconnect secure mobility client 4.9.04053,
  • anyconnect secure mobility client 4.9.05042,
  • anyconnect secure mobility client 4.9.06037,
  • secure client 4.10.00093,
  • secure client 4.10.01075,
  • secure client 4.10.02086,
  • secure client 4.10.03104,
  • secure client 4.10.04065,
  • secure client 4.10.04071,
  • secure client 4.10.05085,
  • secure client 4.10.05095,
  • secure client 4.10.05111,
  • secure client 4.10.06079,
  • secure client 4.10.06090,
  • secure client 4.10.07061,
  • secure client 4.10.07062,
  • secure client 4.10.07073,
  • secure client 5.0.00238,
  • secure client 5.0.00529,
  • secure client 5.0.00556,
  • secure client 5.0.01242,
  • secure client 5.0.02075,
  • secure client 5.0.03072,
  • secure client 5.0.03076

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis