CVE-2023-20241

MEDIUM

Cisco Secure Client - DoS

Title source: llm

Description

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.

References (1)

Core 1

Core References

Issue Tracking, Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8

Scores

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 9.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (30)

cisco/anyconnect_secure_mobility_client 4.9.00086

cisco/anyconnect_secure_mobility_client 4.9.01095

cisco/anyconnect_secure_mobility_client 4.9.02028

cisco/anyconnect_secure_mobility_client 4.9.03047

cisco/anyconnect_secure_mobility_client 4.9.03049

cisco/anyconnect_secure_mobility_client 4.9.04043

cisco/anyconnect_secure_mobility_client 4.9.04053

cisco/anyconnect_secure_mobility_client 4.9.05042

cisco/anyconnect_secure_mobility_client 4.9.06037

cisco/secure_client 4.10.00093

... and 20 more

Published Nov 22, 2023

Tracked Since Feb 18, 2026