Severity
Medium
Analysis Summary
CVE-2023-20240 CVSS: 5.5
Cisco Secure Client Software is vulnerable to a denial of service caused by an out-of-bounds memory read flaw. By sending specially crafted packets to a port on the local host, a local authenticated attacker could exploit this vulnerability to crash the VPN Agent service, making the service unavailable to all users of the system.
CVE-2023-20241 CVSS: 5.5
Cisco Secure Client Software is vulnerable to a denial of service caused by an out-of-bounds memory read flaw. By sending specially crafted packets to a port on the local host, a local authenticated attacker could exploit this vulnerability to crash the VPN Agent service, making the service unavailable to all users of the system.
Impact
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-20240
- CVE-2023-20241
Affected Vendors
Cisco
Affected Products
- Cisco Secure Client for Linux
- Cisco Secure Client for Universal Windows Platform
- Cisco Secure Client AnyConnect VPN for iOS
- Cisco Secure Client AnyConnect for Android
- Cisco Secure Client for macOS
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.