#VU83235 Out-of-bounds read in Cisco Systems, Inc products - CVE-2023-20240
Published: November 17, 2023
Vulnerability identifier: #VU83235
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-20240
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco AnyConnect Secure Mobility Client
Cisco Secure Client AnyConnect VPN for iOS
Secure Client AnyConnect for Android
Cisco Secure Client AnyConnect for Universal Windows Platform
Cisco Secure Client for Linux
Cisco Secure Client for MacOS
Cisco AnyConnect Secure Mobility Client
Cisco Secure Client AnyConnect VPN for iOS
Secure Client AnyConnect for Android
Cisco Secure Client AnyConnect for Universal Windows Platform
Cisco Secure Client for Linux
Cisco Secure Client for MacOS
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a local user to perform a enial of service (DoS) attack.
The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and cause a denial of service condition on the system.
Remediation
Install updates from vendor's website.