How severe is CVE-2024-20474?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-20474?

This is classified as CWE-191, which is a common weakness in software security.

CVE-2024-20474 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software. Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.

Related Vulnerabilities

CVE-2017-14997

MEDIUM

CVSS:6.5(Medium)

GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.

CWE-1912017

CVE-2018-4011

MEDIUM

CVSS:6.5(Medium)

An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorr...

CWE-1912018

CVE-2021-24894

MEDIUM

CVSS:6.5(Medium)

The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated use...

CWE-1912021

CVE-2021-25121

MEDIUM

CVSS:6.5(Medium)

The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such ...

CWE-1912021

CVE-2021-41821

MEDIUM

CVSS:6.5(Medium)

Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the man...

CWE-1912021

CVE-2022-21685

MEDIUM

CVSS:6.5(Medium)

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier's MODEXP precompile implementation can cause an integer under...

CWE-1912022