CVE-2022-20933
Cisco Meraki MX and Z3 Teleworker Gateway VPN Denial of Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to crash and restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. Cisco Meraki has released software updates that address this vulnerability.
Una vulnerabilidad en el servidor VPN Cisco AnyConnect de los dispositivos Cisco Meraki MX y Cisco Meraki Z3 Teleworker Gateway podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad es debido a que no se comprueban suficientemente los parámetros proporcionados por el cliente mientras es establecida una sesión VPN SSL. Un atacante podría explotar esta vulnerabilidad al diseñar una petición maliciosa y enviándola al dispositivo afectado. Un ataque con éxito podría permitir al atacante causar a el servidor VPN Cisco AnyConnect bloquearse y reiniciarse, resultando en el fracaso de las conexiones VPN SSL establecidas y obligaría a usuarios remotos a iniciar una nueva conexión VPN y volver a autenticarse. Un ataque sostenido podría impedir que sean establecidas nuevas conexiones VPN SSL. Nota: Cuando el tráfico de ataque es detenido, el servidor VPN Cisco AnyConnect es recuperado con elegancia sin necesidad de intervención manual. Cisco Meraki ha publicado actualizaciones de software que abordan esta vulnerabilidad
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2021-11-02 CVE Reserved
- 2022-10-26 CVE Published
- 2024-05-11 EPSS Updated
- 2024-11-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-234: Failure to Handle Missing Parameter
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Meraki Mx64 Firmware Search vendor "Cisco" for product "Meraki Mx64 Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx64 Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx64 Search vendor "Cisco" for product "Meraki Mx64" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx64 Firmware Search vendor "Cisco" for product "Meraki Mx64 Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx64 Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx64 Search vendor "Cisco" for product "Meraki Mx64" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx64w Firmware Search vendor "Cisco" for product "Meraki Mx64w Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx64w Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx64w Search vendor "Cisco" for product "Meraki Mx64w" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx64w Firmware Search vendor "Cisco" for product "Meraki Mx64w Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx64w Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx64w Search vendor "Cisco" for product "Meraki Mx64w" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx65 Firmware Search vendor "Cisco" for product "Meraki Mx65 Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx65 Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx65 Search vendor "Cisco" for product "Meraki Mx65" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx65 Firmware Search vendor "Cisco" for product "Meraki Mx65 Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx65 Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx65 Search vendor "Cisco" for product "Meraki Mx65" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx65w Firmware Search vendor "Cisco" for product "Meraki Mx65w Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx65w Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx65w Search vendor "Cisco" for product "Meraki Mx65w" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx65w Firmware Search vendor "Cisco" for product "Meraki Mx65w Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx65w Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx65w Search vendor "Cisco" for product "Meraki Mx65w" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx67 Firmware Search vendor "Cisco" for product "Meraki Mx67 Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx67 Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx67 Search vendor "Cisco" for product "Meraki Mx67" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx67 Firmware Search vendor "Cisco" for product "Meraki Mx67 Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx67 Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx67 Search vendor "Cisco" for product "Meraki Mx67" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx67cw Firmware Search vendor "Cisco" for product "Meraki Mx67cw Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx67cw Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx67cw Search vendor "Cisco" for product "Meraki Mx67cw" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx67cw Firmware Search vendor "Cisco" for product "Meraki Mx67cw Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx67cw Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx67cw Search vendor "Cisco" for product "Meraki Mx67cw" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx67w Firmware Search vendor "Cisco" for product "Meraki Mx67w Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx67w Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx67w Search vendor "Cisco" for product "Meraki Mx67w" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx67w Firmware Search vendor "Cisco" for product "Meraki Mx67w Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx67w Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx67w Search vendor "Cisco" for product "Meraki Mx67w" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx68 Firmware Search vendor "Cisco" for product "Meraki Mx68 Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx68 Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx68 Search vendor "Cisco" for product "Meraki Mx68" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx68 Firmware Search vendor "Cisco" for product "Meraki Mx68 Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx68 Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx68 Search vendor "Cisco" for product "Meraki Mx68" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx68cw Firmware Search vendor "Cisco" for product "Meraki Mx68cw Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx68cw Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx68cw Search vendor "Cisco" for product "Meraki Mx68cw" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx68cw Firmware Search vendor "Cisco" for product "Meraki Mx68cw Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx68cw Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx68cw Search vendor "Cisco" for product "Meraki Mx68cw" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx68w Firmware Search vendor "Cisco" for product "Meraki Mx68w Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx68w Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx68w Search vendor "Cisco" for product "Meraki Mx68w" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx68w Firmware Search vendor "Cisco" for product "Meraki Mx68w Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx68w Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx68w Search vendor "Cisco" for product "Meraki Mx68w" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx75 Firmware Search vendor "Cisco" for product "Meraki Mx75 Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx75 Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx75 Search vendor "Cisco" for product "Meraki Mx75" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx75 Firmware Search vendor "Cisco" for product "Meraki Mx75 Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx75 Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx75 Search vendor "Cisco" for product "Meraki Mx75" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx84 Firmware Search vendor "Cisco" for product "Meraki Mx84 Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx84 Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx84 Search vendor "Cisco" for product "Meraki Mx84" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx84 Firmware Search vendor "Cisco" for product "Meraki Mx84 Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx84 Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx84 Search vendor "Cisco" for product "Meraki Mx84" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx85 Firmware Search vendor "Cisco" for product "Meraki Mx85 Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx85 Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx85 Search vendor "Cisco" for product "Meraki Mx85" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx85 Firmware Search vendor "Cisco" for product "Meraki Mx85 Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx85 Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx85 Search vendor "Cisco" for product "Meraki Mx85" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx95 Firmware Search vendor "Cisco" for product "Meraki Mx95 Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx95 Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx95 Search vendor "Cisco" for product "Meraki Mx95" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx95 Firmware Search vendor "Cisco" for product "Meraki Mx95 Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx95 Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx95 Search vendor "Cisco" for product "Meraki Mx95" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx100 Firmware Search vendor "Cisco" for product "Meraki Mx100 Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx100 Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx100 Search vendor "Cisco" for product "Meraki Mx100" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx100 Firmware Search vendor "Cisco" for product "Meraki Mx100 Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx100 Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx100 Search vendor "Cisco" for product "Meraki Mx100" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx105 Firmware Search vendor "Cisco" for product "Meraki Mx105 Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx105 Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx105 Search vendor "Cisco" for product "Meraki Mx105" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx105 Firmware Search vendor "Cisco" for product "Meraki Mx105 Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx105 Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx105 Search vendor "Cisco" for product "Meraki Mx105" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx250 Firmware Search vendor "Cisco" for product "Meraki Mx250 Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx250 Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx250 Search vendor "Cisco" for product "Meraki Mx250" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx250 Firmware Search vendor "Cisco" for product "Meraki Mx250 Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx250 Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx250 Search vendor "Cisco" for product "Meraki Mx250" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx400 Firmware Search vendor "Cisco" for product "Meraki Mx400 Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx400 Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx400 Search vendor "Cisco" for product "Meraki Mx400" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx400 Firmware Search vendor "Cisco" for product "Meraki Mx400 Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx400 Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx400 Search vendor "Cisco" for product "Meraki Mx400" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx450 Firmware Search vendor "Cisco" for product "Meraki Mx450 Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx450 Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx450 Search vendor "Cisco" for product "Meraki Mx450" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx450 Firmware Search vendor "Cisco" for product "Meraki Mx450 Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx450 Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx450 Search vendor "Cisco" for product "Meraki Mx450" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx600 Firmware Search vendor "Cisco" for product "Meraki Mx600 Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Mx600 Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx600 Search vendor "Cisco" for product "Meraki Mx600" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Mx600 Firmware Search vendor "Cisco" for product "Meraki Mx600 Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Mx600 Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx600 Search vendor "Cisco" for product "Meraki Mx600" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Vmx Firmware Search vendor "Cisco" for product "Meraki Vmx Firmware" | >= 16.2.0 < 16.16.6 Search vendor "Cisco" for product "Meraki Vmx Firmware" and version " >= 16.2.0 < 16.16.6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Vmx Search vendor "Cisco" for product "Meraki Vmx" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Vmx Firmware Search vendor "Cisco" for product "Meraki Vmx Firmware" | >= 17.0.0 < 17.10.1 Search vendor "Cisco" for product "Meraki Vmx Firmware" and version " >= 17.0.0 < 17.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Vmx Search vendor "Cisco" for product "Meraki Vmx" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Z3c Firmware Search vendor "Cisco" for product "Meraki Z3c Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Z3c Search vendor "Cisco" for product "Meraki Z3c" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Meraki Z3 Firmware Search vendor "Cisco" for product "Meraki Z3 Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Z3 Search vendor "Cisco" for product "Meraki Z3" | - | - |
Safe
|