What is the severity of CVE-2024-20474?

CVE-2024-20474 has been rated as critical severity due to its potential to cause a denial of service in Cisco Secure Client Software.

How do I fix CVE-2024-20474?

To fix CVE-2024-20474, upgrade Cisco Secure Client to the latest version recommended by Cisco.

What versions of Cisco software are affected by CVE-2024-20474?

CVE-2024-20474 affects specific versions of Cisco AnyConnect Secure Mobility Client and Cisco Secure Client software, including various versions listed in the advisory.

Can CVE-2024-20474 be exploited remotely?

Yes, CVE-2024-20474 can be exploited by an unauthenticated remote attacker.

What does CVE-2024-20474 allow an attacker to do?

CVE-2024-20474 allows an attacker to trigger a denial of service condition in Cisco Secure Client Software.

Vulnerability/
CVE-2024-20474

medium

4.3

CWE

191

23/10/2024

1/11/2024

CVE-2024-20474: Integer Underflow

First published: Wed Oct 23 2024(Updated: )

A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco AnyConnect Secure	=4.9.00086
Cisco AnyConnect Secure	=4.9.01095
Cisco AnyConnect Secure	=4.9.02028
Cisco AnyConnect Secure	=4.9.03047
Cisco AnyConnect Secure	=4.9.03049
Cisco AnyConnect Secure	=4.9.04043
Cisco AnyConnect Secure	=4.9.04053
Cisco AnyConnect Secure	=4.9.05042
Cisco AnyConnect Secure	=4.9.06037
Cisco Secure Client - AnyConnect VPN	=4.10.00093
Cisco Secure Client - AnyConnect VPN	=4.10.01075
Cisco Secure Client - AnyConnect VPN	=4.10.02086
Cisco Secure Client - AnyConnect VPN	=4.10.03104
Cisco Secure Client - AnyConnect VPN	=4.10.04065
Cisco Secure Client - AnyConnect VPN	=4.10.04071
Cisco Secure Client - AnyConnect VPN	=4.10.05085
Cisco Secure Client - AnyConnect VPN	=4.10.05095
Cisco Secure Client - AnyConnect VPN	=4.10.05111
Cisco Secure Client - AnyConnect VPN	=4.10.06079
Cisco Secure Client - AnyConnect VPN	=4.10.06090
Cisco Secure Client - AnyConnect VPN	=4.10.07061
Cisco Secure Client - AnyConnect VPN	=4.10.07062
Cisco Secure Client - AnyConnect VPN	=4.10.07073
Cisco Secure Client - AnyConnect VPN	=4.10.08025
Cisco Secure Client - AnyConnect VPN	=4.10.08029
Cisco Secure Client - AnyConnect VPN	=5.0.00238
Cisco Secure Client - AnyConnect VPN	=5.0.00529
Cisco Secure Client - AnyConnect VPN	=5.0.00556
Cisco Secure Client - AnyConnect VPN	=5.0.01242
Cisco Secure Client - AnyConnect VPN	=5.0.02075
Cisco Secure Client - AnyConnect VPN	=5.0.03072
Cisco Secure Client - AnyConnect VPN	=5.0.03076
Cisco Secure Client - AnyConnect VPN	=5.0.04032
Cisco Secure Client - AnyConnect VPN	=5.0.05040
Cisco Secure Client - AnyConnect VPN	=5.1.0.136
Cisco Secure Client - AnyConnect VPN	=5.1.1.42
Cisco Secure Client - AnyConnect VPN	=5.1.2.42
Cisco Secure Client - AnyConnect VPN	=5.1.3.62

Never miss a vulnerability like this again

Reference Links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csc-dos-XvPhM3bj

Frequently Asked Questions

What is the severity of CVE-2024-20474?
CVE-2024-20474 has been rated as critical severity due to its potential to cause a denial of service in Cisco Secure Client Software.
How do I fix CVE-2024-20474?
To fix CVE-2024-20474, upgrade Cisco Secure Client to the latest version recommended by Cisco.
What versions of Cisco software are affected by CVE-2024-20474?
CVE-2024-20474 affects specific versions of Cisco AnyConnect Secure Mobility Client and Cisco Secure Client software, including various versions listed in the advisory.
Can CVE-2024-20474 be exploited remotely?
Yes, CVE-2024-20474 can be exploited by an unauthenticated remote attacker.
What does CVE-2024-20474 allow an attacker to do?
CVE-2024-20474 allows an attacker to trigger a denial of service condition in Cisco Secure Client Software.

agent/weakness
agent/references
agent/type
agent/first-publish-date
agent/description
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco anyconnect secure
version/cisco anyconnect secure/4.9.00086
version/cisco anyconnect secure/4.9.01095
version/cisco anyconnect secure/4.9.02028
version/cisco anyconnect secure/4.9.03047
version/cisco anyconnect secure/4.9.03049
version/cisco anyconnect secure/4.9.04043
version/cisco anyconnect secure/4.9.04053
version/cisco anyconnect secure/4.9.05042
version/cisco anyconnect secure/4.9.06037
canonical/cisco secure client - anyconnect vpn
version/cisco secure client - anyconnect vpn/4.10.00093
version/cisco secure client - anyconnect vpn/4.10.01075
version/cisco secure client - anyconnect vpn/4.10.02086
version/cisco secure client - anyconnect vpn/4.10.03104
version/cisco secure client - anyconnect vpn/4.10.04065
version/cisco secure client - anyconnect vpn/4.10.04071
version/cisco secure client - anyconnect vpn/4.10.05085
version/cisco secure client - anyconnect vpn/4.10.05095
version/cisco secure client - anyconnect vpn/4.10.05111
version/cisco secure client - anyconnect vpn/4.10.06079
version/cisco secure client - anyconnect vpn/4.10.06090
version/cisco secure client - anyconnect vpn/4.10.07061
version/cisco secure client - anyconnect vpn/4.10.07062
version/cisco secure client - anyconnect vpn/4.10.07073
version/cisco secure client - anyconnect vpn/4.10.08025
version/cisco secure client - anyconnect vpn/4.10.08029
version/cisco secure client - anyconnect vpn/5.0.00238
version/cisco secure client - anyconnect vpn/5.0.00529
version/cisco secure client - anyconnect vpn/5.0.00556
version/cisco secure client - anyconnect vpn/5.0.01242
version/cisco secure client - anyconnect vpn/5.0.02075
version/cisco secure client - anyconnect vpn/5.0.03072
version/cisco secure client - anyconnect vpn/5.0.03076
version/cisco secure client - anyconnect vpn/5.0.04032
version/cisco secure client - anyconnect vpn/5.0.05040
version/cisco secure client - anyconnect vpn/5.1.0.136
version/cisco secure client - anyconnect vpn/5.1.1.42
version/cisco secure client - anyconnect vpn/5.1.2.42
version/cisco secure client - anyconnect vpn/5.1.3.62