A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client.
This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software.
Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.
Metrics
Affected Vendors & Products
References
History
Fri, 01 Nov 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Cisco
Cisco anyconnect Secure Mobility Client Cisco secure Client |
|
CPEs | cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.00086:*:*:*:*:*:*:* cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.01095:*:*:*:*:*:*:* cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.02028:*:*:*:*:*:*:* cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.03047:*:*:*:*:*:*:* cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.03049:*:*:*:*:*:*:* cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.04043:*:*:*:*:*:*:* cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.04053:*:*:*:*:*:*:* cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.05042:*:*:*:*:*:*:* cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.06037:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.00093:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.01075:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.02086:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.03104:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.04065:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.04071:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.05085:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.05095:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.05111:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.06079:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.06090:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.07061:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.07062:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.07073:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.08025:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:4.10.08029:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.0.00238:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.0.00529:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.0.00556:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.0.01242:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.0.02075:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.0.03072:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.0.03076:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.0.04032:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.0.05040:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.1.0.136:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.1.1.42:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.1.2.42:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:5.1.3.62:*:*:*:*:*:*:* |
|
Vendors & Products |
Cisco
Cisco anyconnect Secure Mobility Client Cisco secure Client |
Wed, 23 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 23 Oct 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client. | |
Weaknesses | CWE-191 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2024-10-23T17:49:23.557Z
Updated: 2024-10-23T20:54:12.513Z
Reserved: 2023-11-08T15:08:07.681Z
Link: CVE-2024-20474
Vulnrichment
Updated: 2024-10-23T20:54:08.880Z
NVD
Status : Analyzed
Published: 2024-10-23T18:15:11.517
Modified: 2024-11-01T18:14:56.790
Link: CVE-2024-20474
Redhat
No data.