Denial of Service Vulnerability in Cisco Secure Client Software
CVE-2023-20240
5.5 MEDIUM
What is CVE-2023-20240?
Multiple vulnerabilities in Cisco Secure Client Software can be exploited by an authenticated local attacker to cause a denial of service (DoS) on a system. These vulnerabilities stem from an out-of-bounds memory read. An attacker with valid credentials can log in to the device while another user is accessing the Cisco Secure Client. By sending crafted packets to a local port, the attacker may crash the VPN Agent service, rendering it unavailable to all users of the system. This scenario highlights the importance of maintaining secure access control and monitoring user activity on multi-user systems.
Affected Version(s)
Cisco Secure Client 4.9.00086
Cisco Secure Client 4.9.01095
Cisco Secure Client 4.9.02028