CVE-2024-20498

Cisco Meraki MX and Z3 Teleworker Gateway AnyConnect VPN Denial of Service Vulnerability

Severity Score

8.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-11-08 CVE Reserved
2024-10-02 CVE Published
2024-10-02 CVE Updated
2024-10-09 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-415: Double Free

CAPEC

References (1)

URL	Tag	Source
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Meraki Mx Search vendor "Cisco" for product "Meraki Mx"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Z1 Search vendor "Cisco" for product "Meraki Z1"				*		-		Affected
Cisco Search vendor "Cisco"		Cisco Search vendor "Cisco" for product "Cisco"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx100 Firmware Search vendor "Cisco" for product "Meraki Mx100 Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx105 Firmware Search vendor "Cisco" for product "Meraki Mx105 Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx250 Firmware Search vendor "Cisco" for product "Meraki Mx250 Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx400 Firmware Search vendor "Cisco" for product "Meraki Mx400 Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx450 Firmware Search vendor "Cisco" for product "Meraki Mx450 Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx600 Firmware Search vendor "Cisco" for product "Meraki Mx600 Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx64 Firmware Search vendor "Cisco" for product "Meraki Mx64 Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx64w Firmware Search vendor "Cisco" for product "Meraki Mx64w Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx65 Firmware Search vendor "Cisco" for product "Meraki Mx65 Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx65w Firmware Search vendor "Cisco" for product "Meraki Mx65w Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx67 Firmware Search vendor "Cisco" for product "Meraki Mx67 Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx67c Firmware Search vendor "Cisco" for product "Meraki Mx67c Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx67w Firmware Search vendor "Cisco" for product "Meraki Mx67w Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx68 Firmware Search vendor "Cisco" for product "Meraki Mx68 Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx68cw Firmware Search vendor "Cisco" for product "Meraki Mx68cw Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx68w Firmware Search vendor "Cisco" for product "Meraki Mx68w Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx75 Firmware Search vendor "Cisco" for product "Meraki Mx75 Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx84 Firmware Search vendor "Cisco" for product "Meraki Mx84 Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx85 Firmware Search vendor "Cisco" for product "Meraki Mx85 Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Mx95 Firmware Search vendor "Cisco" for product "Meraki Mx95 Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Vmx Firmware Search vendor "Cisco" for product "Meraki Vmx Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Z3 Firmware Search vendor "Cisco" for product "Meraki Z3 Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Z3c Firmware Search vendor "Cisco" for product "Meraki Z3c Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Z4 Firmware Search vendor "Cisco" for product "Meraki Z4 Firmware"				*		-		Affected
Cisco Search vendor "Cisco"		Meraki Z4c Firmware Search vendor "Cisco" for product "Meraki Z4c Firmware"				*		-		Affected