CVE-2024-20474

Description

A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.

Reserved 2023-11-08 | Published 2024-10-23 | Updated 2024-10-23 | Assigner cisco

Problem types

Integer Underflow (Wrap or Wraparound)

Product status

4.9.00086
affected

4.9.01095
affected

4.9.02028
affected

4.9.03047
affected

4.9.03049
affected

4.9.04043
affected

4.9.04053
affected

4.9.05042
affected

4.9.06037
affected

4.10.00093
affected

4.10.01075
affected

4.10.02086
affected

4.10.03104
affected

4.10.04065
affected

4.10.04071
affected

4.10.05085
affected

4.10.05095
affected

4.10.05111
affected

4.10.06079
affected

4.10.06090
affected

4.10.07061
affected

4.10.07062
affected

4.10.07073
affected

4.10.08025
affected

4.10.08029
affected

5.0.00238
affected

5.0.00529
affected

5.0.00556
affected

5.0.01242
affected

5.0.02075
affected

5.0.03072
affected

5.0.03076
affected

5.0.04032
affected

5.0.05040
affected

5.1.0.136
affected

5.1.1.42
affected

5.1.2.42
affected

5.1.3.62
affected

References

sec.cloudapps.cisco.com/...dvisory/cisco-sa-csc-dos-XvPhM3bj (cisco-sa-csc-dos-XvPhM3bj)

cve.org (CVE-2024-20474)

nvd.nist.gov (CVE-2024-20474)

Download JSON