Cyber Resilience

CVE-2024-20474

Medium

Published: 23 October 2024

Modified: 01 November 2024
CVSS Score v3.1: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
EPSS Score: 0.0060 (70.1th percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-20474 is a medium-severity Integer Underflow (Wrap or Wraparound) (CWE-191) vulnerability in Cisco Secure Client. Its CVSS base score is 4.3 (Medium).

Operationally, it ranks in the top 29.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software.

Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco / anyconnect secure mobility client: 4.9.00086, 4.9.01095, 4.9.02028, 4.9.03047, 4.9.03049
cisco / secure client: 4.10.00093, 4.10.01075, 4.10.02086, 4.10.03104, 4.10.04065

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References