CVE-2024-20474
moderate-risk
Published 2024-10-23
A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.
Do I need to act?
-
0.60% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10
Medium
NETWORK
/ LOW complexity
Affected Products (20)
Secure Client
Secure Client
Secure Client
Secure Client
Secure Client
Secure Client
Secure Client
Secure Client
Secure Client
Secure Client
Secure Client
Affected Vendors
References (1)
44
/ 100
moderate-risk
Severity
18/34 · Moderate
Exploitability
2/34 · Minimal
Exposure
24/34 · High