Out-of-bounds read in Cisco Systems, Inc products - CVE-2023-20240

 

Out-of-bounds read in Cisco Systems, Inc products - CVE-2023-20240

Published: November 17, 2023


Vulnerability identifier: #VU83235
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-20240
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco AnyConnect Secure Mobility Client
Cisco Secure Client AnyConnect VPN for iOS
Secure Client AnyConnect for Android
Cisco Secure Client AnyConnect for Universal Windows Platform
Cisco Secure Client for Linux
Cisco Secure Client for MacOS

Detailed vulnerability description

The vulnerability allows a local user to perform a enial of service (DoS) attack.

The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and cause a denial of service condition on the system.


How to mitigate CVE-2023-20240

Install updates from vendor's website.

Sources