CVSS: 5.9EPSS: 0%CPEs: 26EXPL: 0CVE-2024-20509 – Cisco Meraki MX and Z3 Teleworker Gateway AnyConnect VPN Session Takeover and Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-20509
02 Oct 2024 — A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device. This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-by-QWUkqV7X • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.8EPSS: 0%CPEs: 26EXPL: 0CVE-2024-20513 – Cisco Meraki MX and Z3 Teleworker Gateway AnyConnect VPN Targeted Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-20513
02 Oct 2024 — A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device. This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2024-20502 – Cisco Meraki MX and Z3 Teleworker Gateway AnyConnect VPN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-20502
02 Oct 2024 — A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cis... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 0%CPEs: 28EXPL: 0CVE-2024-20501 – Cisco Meraki MX and Z3 Teleworker Gateway AnyConnect VPN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-20501
02 Oct 2024 — Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A succes... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2 • CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 0%CPEs: 28EXPL: 0CVE-2024-20499 – Cisco Meraki MX and Z3 Teleworker Gateway AnyConnect VPN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-20499
02 Oct 2024 — Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A succes... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2024-20500 – Cisco Meraki MX and Z3 Teleworker Gateway AnyConnect VPN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-20500
02 Oct 2024 — A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow th... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 0%CPEs: 28EXPL: 0CVE-2024-20498 – Cisco Meraki MX and Z3 Teleworker Gateway AnyConnect VPN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-20498
02 Oct 2024 — Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A succes... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2 • CWE-415: Double Free •
CVSS: 8.6EPSS: 0%CPEs: 67EXPL: 0CVE-2022-20933 – Cisco Meraki MX and Z3 Teleworker Gateway VPN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20933
26 Oct 2022 — A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could allow the atta... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vnESbgBf • CWE-234: Failure to Handle Missing Parameter •
CVSS: 6.5EPSS: 0%CPEs: 192EXPL: 0CVE-2020-26141 – kernel: not verifying TKIP MIC of fragmented frames
https://notcve.org/view.php?id=CVE-2020-26141
11 May 2021 — An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. Se detectó un problema en el controlador ALFA de Windows 10 versión 6.1316.1209 para AWUS036H. La implementación de Wi-Fi no verifica la Comprobación de Integridad del Mensaje (... • http://www.openwall.com/lists/oss-security/2021/05/11/12 • CWE-354: Improper Validation of Integrity Check Value CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 330EXPL: 0CVE-2020-26139 – kernel: Forwarding EAPOL from unauthenticated wifi client
https://notcve.org/view.php?id=CVE-2020-26139
11 May 2021 — An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. Se detectó un problema en el kernel en NetBSD versión 7.1. Un punto de acceso (AP) reenvía tramas EAPOL a otros clientes aunque el remitente... • http://www.openwall.com/lists/oss-security/2021/05/11/12 • CWE-287: Improper Authentication CWE-829: Inclusion of Functionality from Untrusted Control Sphere •