CVE-2024-20502

moderate-risk
Published 2024-10-02

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.

Do I need to act?

-
0.35% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.8/10 Medium
NETWORK / LOW complexity

Affected Products (20)

Meraki Mx65 Firmware
Meraki Mx64 Firmware
Meraki Z4C Firmware
Meraki Z4 Firmware
Meraki Z3C Firmware
Meraki Z3 Firmware
Meraki Vmx Firmware
Meraki Mx600 Firmware
Meraki Mx450 Firmware
Meraki Mx400 Firmware
Meraki Mx250 Firmware
Meraki Mx105 Firmware
Meraki Mx100 Firmware
Meraki Mx95 Firmware
Meraki Mx85 Firmware
Meraki Mx84 Firmware
Meraki Mx75 Firmware
Meraki Mx68W Firmware
Meraki Mx68Cw Firmware
Meraki Mx68 Firmware

Affected Vendors

Cisco

References (1)

Vendor Advisory https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
44
/ 100
moderate-risk
Severity 22/34 · High
Exploitability 1/34 · Minimal
Exposure 21/34 · High