Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2023-20241

Disclosure Date: November 22, 2023 •

CVE-2023-20241 CVSS v3 Base Score: 5.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.

These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.5 Medium

Impact Score:

3.6

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

Cisco Secure Client 4.9.00086

Cisco Secure Client 4.9.01095

Cisco Secure Client 4.9.02028

Cisco Secure Client 4.9.03047

Cisco Secure Client 4.9.03049

Cisco Secure Client 4.9.04043

Cisco Secure Client 4.9.04053

Cisco Secure Client 4.9.05042

Cisco Secure Client 4.9.06037

Cisco Secure Client 4.10.00093

Cisco Secure Client 4.10.01075

Cisco Secure Client 4.10.02086

Cisco Secure Client 4.10.03104

Cisco Secure Client 4.10.04065

Cisco Secure Client 4.10.04071

Cisco Secure Client 4.10.05085

Cisco Secure Client 4.10.05095

Cisco Secure Client 4.10.05111

Cisco Secure Client 4.10.06079

Cisco Secure Client 4.10.06090

Cisco Secure Client 4.10.07061

Cisco Secure Client 4.10.07062

Cisco Secure Client 4.10.07073

Cisco Secure Client 5.0.00238

Cisco Secure Client 5.0.00529

Cisco Secure Client 5.0.00556

Cisco Secure Client 5.0.01242

Cisco Secure Client 5.0.02075

Cisco Secure Client 5.0.03072

Cisco Secure Client 5.0.03076

Cisco Secure Client 5.0.04032

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

cisco

Products

References

Canonical

CVE-2023-20241 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20241)

Miscellaneous

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8

Rapid7

Unknown

CVE-2023-20241

Unknown

Unknown

None

Low

Local

CVE-2023-20241

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2023-20241

Unknown

Unknown

None

Low

Local

CVE-2023-20241

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification