Out-of-bounds read in Cisco Systems, Inc products - CVE-2023-20241

 

Out-of-bounds read in Cisco Systems, Inc products - CVE-2023-20241

Published: November 17, 2023


Vulnerability identifier: #VU83236
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-20241
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco AnyConnect Secure Mobility Client
Cisco Secure Client AnyConnect VPN for iOS
Secure Client AnyConnect for Android
Cisco Secure Client AnyConnect for Universal Windows Platform
Cisco Secure Client for Linux
Cisco Secure Client for MacOS

Detailed vulnerability description

The vulnerability allows a local user to perform a enial of service (DoS) attack.

The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and cause a denial of service condition on the system.


How to mitigate CVE-2023-20241

Install updates from vendor's website.

Sources