CVE-2023-20241

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 22, 2023
Updated: Jan 25, 2024
CWE ID 125

Summary

CVE-2023-20241 is a vulnerability in Cisco Secure Client Software (formerly AnyConnect Secure Mobility Client) that could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is caused by an out-of-bounds memory read from the software. To exploit the vulnerabilities, the attacker needs valid credentials on a multi-user system and must log in at the same time another user is accessing Cisco Secure Client on the same system. By sending crafted packets to a port on the local host, the attacker can crash the VPN Agent service, rendering it unavailable to all users of the system. The vulnerability has a base severity rating of MEDIUM and an exploitability score of 1.8 out of 10. It poses a potential danger to organizations as it can disrupt their VPN services, impacting remote connectivity and potentially leading to operational disruptions. Remediation measures should include applying relevant security patches and updates provided by Cisco to address these vulnerabilities.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-20241 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options