CVE-2023-20240
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2023-20240 is a vulnerability affecting Cisco Secure Client Software. It allows an authenticated, local attacker to cause a denial of service (DoS) condition on an impacted system. The root cause is an out-of-bounds memory read in the software. An attacker can exploit it by logging in to a multi-user system and sending crafted packets to a port on that local host while another user is using Cisco Secure Client. The resulting DoS condition can make the VPN Agent service unavailable to all users, which affects their ability to access the system securely. Attackers must possess valid credentials to carry out this attack.
Affected Products
- Cisco Secure Client
- Cisco AnyConnect
Affected Vendors
- Cisco Systems Inc