Severity

Medium

Analysis Summary

CVE-2023-20240 CVSS: 5.5

Cisco Secure Client Software is vulnerable to a denial of service caused by an out-of-bounds memory read flaw. By sending specially crafted packets to a port on the local host, a local authenticated attacker could exploit this vulnerability to crash the VPN Agent service and make the service unavailable to all users of the system.

CVE-2023-20241 CVSS: 5.5

Cisco Secure Client Software is vulnerable to a denial of service caused by an out-of-bounds memory read flaw. By sending specially crafted packets to a port on the local host, a local authenticated attacker could exploit this vulnerability to crash the VPN Agent service and make the service unavailable to all users of the system.

Impact

  • Denial of Service

Indicators Of Compromise

CVE

  • CVE-2023-20240
  • CVE-2023-20241

Affected Vendors

Cisco

Affected Products

  • Cisco Secure Client for Linux
  • Cisco Secure Client for Universal Windows Platform
  • Cisco Secure Client AnyConnect VPN for iOS
  • Cisco Secure Client AnyConnect for Android
  • Cisco Secure Client for macOS

Remediation

Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.

Cisco Security Advisory