CVE-2024-20474

MEDIUM

Cisco Secure Client - DoS

Title source: llm

Description

A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.

References (1)

[Vendor Advisory] https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csc-dos-XvPhM3bj

Scores

CVSS v3 4.3

EPSS 0.0060

EPSS Percentile 69.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-191

Status published

Products (38)

cisco/anyconnect_secure_mobility_client 4.9.00086

cisco/anyconnect_secure_mobility_client 4.9.01095

cisco/anyconnect_secure_mobility_client 4.9.02028

cisco/anyconnect_secure_mobility_client 4.9.03047

cisco/anyconnect_secure_mobility_client 4.9.03049

cisco/anyconnect_secure_mobility_client 4.9.04043

cisco/anyconnect_secure_mobility_client 4.9.04053

cisco/anyconnect_secure_mobility_client 4.9.05042

cisco/anyconnect_secure_mobility_client 4.9.06037

cisco/secure_client 4.10.00093

... and 28 more

Published Oct 23, 2024

Tracked Since Feb 18, 2026