Denial of Service Vulnerabilities in Cisco Secure Client Software
CVE-2023-20241
5.5MEDIUM
What is CVE-2023-20241?
Multiple vulnerabilities in Cisco Secure Client Software could allow an authenticated local attacker to trigger a denial of service (DoS) condition. This arises from an out-of-bounds memory read that occurs when an attacker concurrently logs into an affected device while another user accesses the Cisco Secure Client. By sending specially crafted packets to a port on the local host, the attacker can crash the VPN Agent service, rendering it unavailable to all users on the system. Valid credentials on a multi-user system are required for the attacker to exploit these vulnerabilities.
Affected Version(s)
Cisco Secure Client 4.9.00086
Cisco Secure Client 4.9.01095
Cisco Secure Client 4.9.02028