CVE-2024-20474

MEDIUM

Cisco Secure Client - DoS

Title source: llm

Description

A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.

References (1)

Scores

CVSS v3 4.3
EPSS 0.0060
EPSS Percentile 69.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Classification

CWE
CWE-191
Status published

Affected Products (38)

cisco/anyconnect_secure_mobility_client
cisco/anyconnect_secure_mobility_client
cisco/anyconnect_secure_mobility_client
cisco/anyconnect_secure_mobility_client
cisco/anyconnect_secure_mobility_client
cisco/anyconnect_secure_mobility_client
cisco/anyconnect_secure_mobility_client
cisco/anyconnect_secure_mobility_client
cisco/anyconnect_secure_mobility_client
cisco/secure_client
cisco/secure_client
cisco/secure_client
cisco/secure_client
cisco/secure_client
cisco/secure_client
... and 23 more

Timeline

Published Oct 23, 2024
Tracked Since Feb 18, 2026