Cisco Secure Client IKEv2 Integer Underflow DoS (<=4.10)
CVE-2024-20474 Published on October 23, 2024
A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.
Vulnerability Analysis
CVE-2024-20474 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
What is an Integer underflow Vulnerability?
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. This can happen in signed and unsigned cases.
CVE-2024-20474 has been classified to as an Integer underflow vulnerability or weakness.
Products Associated with CVE-2024-20474
stack.watch emails you whenever new vulnerabilities are published in Cisco Anyconnect Secure Mobility Client or Cisco Secure Client. Just hit a watch button to start following.
Affected Versions
Cisco Secure Client:- Version 4.9.00086 is affected.
- Version 4.9.01095 is affected.
- Version 4.9.02028 is affected.
- Version 4.9.03047 is affected.
- Version 4.9.03049 is affected.
- Version 4.9.04043 is affected.
- Version 4.9.04053 is affected.
- Version 4.9.05042 is affected.
- Version 4.9.06037 is affected.
- Version 4.10.00093 is affected.
- Version 4.10.01075 is affected.
- Version 4.10.02086 is affected.
- Version 4.10.03104 is affected.
- Version 4.10.04065 is affected.
- Version 4.10.04071 is affected.
- Version 4.10.05085 is affected.
- Version 4.10.05095 is affected.
- Version 4.10.05111 is affected.
- Version 4.10.06079 is affected.
- Version 4.10.06090 is affected.
- Version 4.10.07061 is affected.
- Version 4.10.07062 is affected.
- Version 4.10.07073 is affected.
- Version 4.10.08025 is affected.
- Version 4.10.08029 is affected.
- Version 5.0.00238 is affected.
- Version 5.0.00529 is affected.
- Version 5.0.00556 is affected.
- Version 5.0.01242 is affected.
- Version 5.0.02075 is affected.
- Version 5.0.03072 is affected.
- Version 5.0.03076 is affected.
- Version 5.0.04032 is affected.
- Version 5.0.05040 is affected.
- Version 5.1.0.136 is affected.
- Version 5.1.1.42 is affected.
- Version 5.1.2.42 is affected.
- Version 5.1.3.62 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.