Description

A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.

INFO

Published Date :

2024-10-23T17:49:23.557Z

Last Modified :

2024-10-23T20:54:12.513Z

Source :

cisco
AFFECTED PRODUCTS

The following products are affected by CVE-2024-20474 vulnerability.

Vendors Products
Cisco
  • Anyconnect Secure Mobility Client
  • Secure Client
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-20474.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csc-dos-XvPhM3bj cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact