CVE-2023-20240: DoS via OOB Read in Cisco Secure Client VPN Agent
CVE-2023-20240 Published on November 22, 2023
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.
Vulnerability Analysis
CVE-2023-20240 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string. The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent read operation then produces undefined or unexpected results.
Products Associated with CVE-2023-20240
stack.watch emails you whenever new vulnerabilities are published in Cisco Anyconnect Secure Mobility Client or Cisco Secure Client. Just hit a watch button to start following.
Affected Versions
Cisco Secure Client:- Version 4.9.00086 is affected.
- Version 4.9.01095 is affected.
- Version 4.9.02028 is affected.
- Version 4.9.03047 is affected.
- Version 4.9.03049 is affected.
- Version 4.9.04043 is affected.
- Version 4.9.04053 is affected.
- Version 4.9.05042 is affected.
- Version 4.9.06037 is affected.
- Version 4.10.00093 is affected.
- Version 4.10.01075 is affected.
- Version 4.10.02086 is affected.
- Version 4.10.03104 is affected.
- Version 4.10.04065 is affected.
- Version 4.10.04071 is affected.
- Version 4.10.05085 is affected.
- Version 4.10.05095 is affected.
- Version 4.10.05111 is affected.
- Version 4.10.06079 is affected.
- Version 4.10.06090 is affected.
- Version 4.10.07061 is affected.
- Version 4.10.07062 is affected.
- Version 4.10.07073 is affected.
- Version 5.0.00238 is affected.
- Version 5.0.00529 is affected.
- Version 5.0.00556 is affected.
- Version 5.0.01242 is affected.
- Version 5.0.02075 is affected.
- Version 5.0.03072 is affected.
- Version 5.0.03076 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.