All the vulnerabilites related to cisco - meraki_mx67c
Vulnerability from fkie_nvd
Published
2024-10-02 19:15
Modified
2024-10-08 18:32
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.
These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.
Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx65_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C6574B-E879-4813-9516-93B41EBDFBD3",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "17.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx65:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3099A12-2D6F-4486-A690-1C809AF480B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx64_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23FA0FF8-5926-4623-9348-4347331C5F3F",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "17.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE749570-1EA6-4734-B96A-D02B3BA3A756",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z4c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B63AAC8-D59D-4EF1-829E-11E9CB18A41F",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE09C2D-9F52-4C72-9D7C-F9AF710D1174",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F62D4319-19DA-4DC0-88D0-DE859504EA6D",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36770C3B-F962-48FB-9D9F-3EABB1F10EFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z3c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C73DAF-C7AF-4090-8F96-3D6F93A1DABD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z3c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6646F004-E0E0-4316-A022-2793C28FBCCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4FD3B4-FD1F-4340-B4AC-D76C11DAD4D5",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB81CFD0-9558-47AB-96E4-CB21C1AA9159",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_vmx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96D29083-7535-4B23-9141-BF6CE2824184",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_vmx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CE4DAD-7FA3-4D1B-A24F-D2B9F4F331BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8F2FA1-B439-4978-AD2B-34C98310D894",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4CF5E0-A7D0-4C9D-A180-16288BE3AC1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D620C14D-7724-4C38-83A6-E33328EDE7C3",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B35EB71-8584-4803-A438-AEC406FD8445",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A61EA9B6-126D-4174-8BEF-7FD311724C03",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACA552D-78D3-4312-9537-28ADBB15E08A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "869396D2-5CB1-45FF-8CC8-C6BA17548076",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6CBE98-6B20-4F05-8871-0BEAD1D351B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx105_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C86B5EA0-85E7-4B8D-83AE-445A2C945CB2",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx105:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291C7E3A-74D1-4326-87A4-F60D60E3DC37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF66E98-18FB-4862-96C6-090F9B563AAC",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4DE139-CCB5-4BDD-8827-07348B8F0FF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx95_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40A18D40-3168-4270-A019-0FFB3652BD64",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx95:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35740A98-6486-458C-99A9-8E23A781C917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx85_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC297617-CF3B-4CD5-8E5B-14A5A58BB1AD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx85:-:*:*:*:*:*:*:*",
"matchCriteriaId": "410A121A-037A-4D44-A35F-7AE41F93E5AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx84_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E4FB60C-E46F-4D0F-9C01-2D2670334694",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx84:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A4239D-E115-4368-895A-002BBD94F243",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "995A6C94-CC7F-4CA4-8815-693E491652B4",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A892F3D-62F9-4B04-94E8-FD803159C47B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900C8DC4-EF1C-4762-A517-F67665F3D724",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03F9C184-3811-4A26-846D-54ECE7CF939F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68cw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0118FD5D-0D25-4984-A6EB-40EF70B85144",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68cw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18E682AA-05AD-483F-915F-A2B2C98233B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE27942F-86F1-480C-AFA1-762A5A9E775F",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6B4B5E-4FBB-48A9-B828-00C8AB479FB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87EE31D0-87F7-4943-96CC-D5BA48D5DFDA",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2529662-8A54-4DFC-80E7-922CF22DE2F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AB39E09-A441-4F95-9F38-44942BDE98AD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9725A9F-B9B9-4784-AEEA-A5E5CE0A41F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45953505-EF91-4825-95CD-51EE86D694A5",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2702FE73-E4AC-45C7-A212-44D783720798",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx65w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A471D3-2D62-4458-ADDE-53D60E55966C",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx65w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69A23113-F7E1-4587-A4FF-A4AAB446A69D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx64w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D24D11CA-67C0-4376-91DE-F62118062FED",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx64w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1038F5F-020D-41FD-9C3D-F2685F1EA916",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\r\nThese vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
},
{
"lang": "es",
"value": "Varias vulnerabilidades en el servidor VPN de Cisco AnyConnect de los dispositivos Cisco Meraki MX y Cisco Meraki Z Series Teleworker Gateway podr\u00edan permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el servicio AnyConnect de un dispositivo afectado. Estas vulnerabilidades se deben a una validaci\u00f3n insuficiente de los par\u00e1metros proporcionados por el cliente al establecer una sesi\u00f3n VPN SSL. Un atacante podr\u00eda aprovechar estas vulnerabilidades enviando una solicitud HTTPS manipulada al servidor VPN de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante haga que el servidor VPN de Cisco AnyConnect se reinicie, lo que provocar\u00eda la falla de las conexiones VPN SSL establecidas y obligar\u00eda a los usuarios remotos a iniciar una nueva conexi\u00f3n VPN y volver a autenticarse. Un ataque sostenido podr\u00eda evitar que se establezcan nuevas conexiones VPN SSL. Nota: Cuando el tr\u00e1fico del ataque se detiene, el servidor VPN de Cisco AnyConnect se recupera sin problemas sin necesidad de intervenci\u00f3n manual."
}
],
"id": "CVE-2024-20498",
"lastModified": "2024-10-08T18:32:54.457",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-02T19:15:13.870",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-02 19:15
Modified
2024-10-08 18:27
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.
These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.
Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z4c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B63AAC8-D59D-4EF1-829E-11E9CB18A41F",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE09C2D-9F52-4C72-9D7C-F9AF710D1174",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F62D4319-19DA-4DC0-88D0-DE859504EA6D",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36770C3B-F962-48FB-9D9F-3EABB1F10EFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z3c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C73DAF-C7AF-4090-8F96-3D6F93A1DABD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z3c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6646F004-E0E0-4316-A022-2793C28FBCCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4FD3B4-FD1F-4340-B4AC-D76C11DAD4D5",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB81CFD0-9558-47AB-96E4-CB21C1AA9159",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_vmx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96D29083-7535-4B23-9141-BF6CE2824184",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_vmx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CE4DAD-7FA3-4D1B-A24F-D2B9F4F331BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8F2FA1-B439-4978-AD2B-34C98310D894",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4CF5E0-A7D0-4C9D-A180-16288BE3AC1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D620C14D-7724-4C38-83A6-E33328EDE7C3",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B35EB71-8584-4803-A438-AEC406FD8445",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A61EA9B6-126D-4174-8BEF-7FD311724C03",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACA552D-78D3-4312-9537-28ADBB15E08A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "869396D2-5CB1-45FF-8CC8-C6BA17548076",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6CBE98-6B20-4F05-8871-0BEAD1D351B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx105_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C86B5EA0-85E7-4B8D-83AE-445A2C945CB2",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx105:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291C7E3A-74D1-4326-87A4-F60D60E3DC37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF66E98-18FB-4862-96C6-090F9B563AAC",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4DE139-CCB5-4BDD-8827-07348B8F0FF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx95_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40A18D40-3168-4270-A019-0FFB3652BD64",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx95:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35740A98-6486-458C-99A9-8E23A781C917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx85_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC297617-CF3B-4CD5-8E5B-14A5A58BB1AD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx85:-:*:*:*:*:*:*:*",
"matchCriteriaId": "410A121A-037A-4D44-A35F-7AE41F93E5AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx84_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E4FB60C-E46F-4D0F-9C01-2D2670334694",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx84:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A4239D-E115-4368-895A-002BBD94F243",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "995A6C94-CC7F-4CA4-8815-693E491652B4",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A892F3D-62F9-4B04-94E8-FD803159C47B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900C8DC4-EF1C-4762-A517-F67665F3D724",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03F9C184-3811-4A26-846D-54ECE7CF939F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68cw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0118FD5D-0D25-4984-A6EB-40EF70B85144",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68cw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18E682AA-05AD-483F-915F-A2B2C98233B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE27942F-86F1-480C-AFA1-762A5A9E775F",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6B4B5E-4FBB-48A9-B828-00C8AB479FB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87EE31D0-87F7-4943-96CC-D5BA48D5DFDA",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2529662-8A54-4DFC-80E7-922CF22DE2F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AB39E09-A441-4F95-9F38-44942BDE98AD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9725A9F-B9B9-4784-AEEA-A5E5CE0A41F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45953505-EF91-4825-95CD-51EE86D694A5",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2702FE73-E4AC-45C7-A212-44D783720798",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx65w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A471D3-2D62-4458-ADDE-53D60E55966C",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx65w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69A23113-F7E1-4587-A4FF-A4AAB446A69D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx65_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C6574B-E879-4813-9516-93B41EBDFBD3",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "17.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx65:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3099A12-2D6F-4486-A690-1C809AF480B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx64w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D24D11CA-67C0-4376-91DE-F62118062FED",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx64w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1038F5F-020D-41FD-9C3D-F2685F1EA916",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx64_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "553AC2DF-6F85-40D3-B3B1-F979364BA4BD",
"versionEndIncluding": "18.211.2",
"versionStartIncluding": "17.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE749570-1EA6-4734-B96A-D02B3BA3A756",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\r\nThese vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
},
{
"lang": "es",
"value": "Varias vulnerabilidades en el servidor VPN de Cisco AnyConnect de los dispositivos Cisco Meraki MX y Cisco Meraki Z Series Teleworker Gateway podr\u00edan permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el servicio AnyConnect de un dispositivo afectado. Estas vulnerabilidades se deben a una validaci\u00f3n insuficiente de los par\u00e1metros proporcionados por el cliente al establecer una sesi\u00f3n VPN SSL. Un atacante podr\u00eda aprovechar estas vulnerabilidades enviando una solicitud HTTPS manipulada al servidor VPN de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante haga que el servidor VPN de Cisco AnyConnect se reinicie, lo que provocar\u00eda la falla de las conexiones VPN SSL establecidas y obligar\u00eda a los usuarios remotos a iniciar una nueva conexi\u00f3n VPN y volver a autenticarse. Un ataque sostenido podr\u00eda evitar que se establezcan nuevas conexiones VPN SSL. Nota: Cuando el tr\u00e1fico del ataque se detiene, el servidor VPN de Cisco AnyConnect se recupera sin problemas sin necesidad de intervenci\u00f3n manual."
}
],
"id": "CVE-2024-20499",
"lastModified": "2024-10-08T18:27:16.110",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-02T19:15:14.143",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-02 19:15
Modified
2024-10-08 18:45
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device.
This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx65_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C6574B-E879-4813-9516-93B41EBDFBD3",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "17.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx65:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3099A12-2D6F-4486-A690-1C809AF480B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx64_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23FA0FF8-5926-4623-9348-4347331C5F3F",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "17.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE749570-1EA6-4734-B96A-D02B3BA3A756",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z4c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B63AAC8-D59D-4EF1-829E-11E9CB18A41F",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE09C2D-9F52-4C72-9D7C-F9AF710D1174",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F62D4319-19DA-4DC0-88D0-DE859504EA6D",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36770C3B-F962-48FB-9D9F-3EABB1F10EFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z3c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C73DAF-C7AF-4090-8F96-3D6F93A1DABD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z3c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6646F004-E0E0-4316-A022-2793C28FBCCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4FD3B4-FD1F-4340-B4AC-D76C11DAD4D5",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB81CFD0-9558-47AB-96E4-CB21C1AA9159",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_vmx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96D29083-7535-4B23-9141-BF6CE2824184",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_vmx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CE4DAD-7FA3-4D1B-A24F-D2B9F4F331BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8F2FA1-B439-4978-AD2B-34C98310D894",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4CF5E0-A7D0-4C9D-A180-16288BE3AC1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D620C14D-7724-4C38-83A6-E33328EDE7C3",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B35EB71-8584-4803-A438-AEC406FD8445",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A61EA9B6-126D-4174-8BEF-7FD311724C03",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACA552D-78D3-4312-9537-28ADBB15E08A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "869396D2-5CB1-45FF-8CC8-C6BA17548076",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6CBE98-6B20-4F05-8871-0BEAD1D351B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx105_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C86B5EA0-85E7-4B8D-83AE-445A2C945CB2",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx105:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291C7E3A-74D1-4326-87A4-F60D60E3DC37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF66E98-18FB-4862-96C6-090F9B563AAC",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4DE139-CCB5-4BDD-8827-07348B8F0FF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx95_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40A18D40-3168-4270-A019-0FFB3652BD64",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx95:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35740A98-6486-458C-99A9-8E23A781C917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx85_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC297617-CF3B-4CD5-8E5B-14A5A58BB1AD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx85:-:*:*:*:*:*:*:*",
"matchCriteriaId": "410A121A-037A-4D44-A35F-7AE41F93E5AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx84_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E4FB60C-E46F-4D0F-9C01-2D2670334694",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx84:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A4239D-E115-4368-895A-002BBD94F243",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "995A6C94-CC7F-4CA4-8815-693E491652B4",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A892F3D-62F9-4B04-94E8-FD803159C47B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900C8DC4-EF1C-4762-A517-F67665F3D724",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03F9C184-3811-4A26-846D-54ECE7CF939F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68cw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0118FD5D-0D25-4984-A6EB-40EF70B85144",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68cw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18E682AA-05AD-483F-915F-A2B2C98233B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE27942F-86F1-480C-AFA1-762A5A9E775F",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6B4B5E-4FBB-48A9-B828-00C8AB479FB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87EE31D0-87F7-4943-96CC-D5BA48D5DFDA",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2529662-8A54-4DFC-80E7-922CF22DE2F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AB39E09-A441-4F95-9F38-44942BDE98AD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9725A9F-B9B9-4784-AEEA-A5E5CE0A41F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45953505-EF91-4825-95CD-51EE86D694A5",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2702FE73-E4AC-45C7-A212-44D783720798",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx65w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A471D3-2D62-4458-ADDE-53D60E55966C",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx65w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69A23113-F7E1-4587-A4FF-A4AAB446A69D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx64w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D24D11CA-67C0-4376-91DE-F62118062FED",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx64w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1038F5F-020D-41FD-9C3D-F2685F1EA916",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device.\r\n\r\nThis vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el servidor VPN de Cisco AnyConnect de los dispositivos Cisco Meraki MX y Cisco Meraki Z Series Teleworker Gateway podr\u00eda permitir que un atacante remoto no autenticado secuestre una sesi\u00f3n VPN de AnyConnect o provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) para usuarios individuales del servicio VPN de AnyConnect en un dispositivo afectado. Esta vulnerabilidad se debe a una entrop\u00eda d\u00e9bil para los controladores que se utilizan durante el proceso de autenticaci\u00f3n de VPN, as\u00ed como a una condici\u00f3n de ejecuci\u00f3n que existe en el mismo proceso. Un atacante podr\u00eda aprovechar esta vulnerabilidad adivinando correctamente un controlador de autenticaci\u00f3n y luego enviando solicitudes HTTPS manipuladas a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante tomar el control de la sesi\u00f3n VPN de AnyConnect de un usuario objetivo o evitar que el usuario objetivo establezca una sesi\u00f3n VPN de AnyConnect con el dispositivo afectado."
}
],
"id": "CVE-2024-20509",
"lastModified": "2024-10-08T18:45:52.513",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-02T19:15:14.997",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-by-QWUkqV7X"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-02 19:15
Modified
2024-10-08 18:27
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.
This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted.
Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z4c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B63AAC8-D59D-4EF1-829E-11E9CB18A41F",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE09C2D-9F52-4C72-9D7C-F9AF710D1174",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F62D4319-19DA-4DC0-88D0-DE859504EA6D",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36770C3B-F962-48FB-9D9F-3EABB1F10EFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z3c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C73DAF-C7AF-4090-8F96-3D6F93A1DABD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z3c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6646F004-E0E0-4316-A022-2793C28FBCCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4FD3B4-FD1F-4340-B4AC-D76C11DAD4D5",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB81CFD0-9558-47AB-96E4-CB21C1AA9159",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_vmx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96D29083-7535-4B23-9141-BF6CE2824184",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_vmx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CE4DAD-7FA3-4D1B-A24F-D2B9F4F331BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8F2FA1-B439-4978-AD2B-34C98310D894",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4CF5E0-A7D0-4C9D-A180-16288BE3AC1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D620C14D-7724-4C38-83A6-E33328EDE7C3",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B35EB71-8584-4803-A438-AEC406FD8445",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A61EA9B6-126D-4174-8BEF-7FD311724C03",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACA552D-78D3-4312-9537-28ADBB15E08A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "869396D2-5CB1-45FF-8CC8-C6BA17548076",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6CBE98-6B20-4F05-8871-0BEAD1D351B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx105_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C86B5EA0-85E7-4B8D-83AE-445A2C945CB2",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx105:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291C7E3A-74D1-4326-87A4-F60D60E3DC37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF66E98-18FB-4862-96C6-090F9B563AAC",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4DE139-CCB5-4BDD-8827-07348B8F0FF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx95_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40A18D40-3168-4270-A019-0FFB3652BD64",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx95:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35740A98-6486-458C-99A9-8E23A781C917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx85_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC297617-CF3B-4CD5-8E5B-14A5A58BB1AD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx85:-:*:*:*:*:*:*:*",
"matchCriteriaId": "410A121A-037A-4D44-A35F-7AE41F93E5AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx84_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E4FB60C-E46F-4D0F-9C01-2D2670334694",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx84:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A4239D-E115-4368-895A-002BBD94F243",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "995A6C94-CC7F-4CA4-8815-693E491652B4",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A892F3D-62F9-4B04-94E8-FD803159C47B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900C8DC4-EF1C-4762-A517-F67665F3D724",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03F9C184-3811-4A26-846D-54ECE7CF939F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68cw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0118FD5D-0D25-4984-A6EB-40EF70B85144",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68cw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18E682AA-05AD-483F-915F-A2B2C98233B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE27942F-86F1-480C-AFA1-762A5A9E775F",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6B4B5E-4FBB-48A9-B828-00C8AB479FB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87EE31D0-87F7-4943-96CC-D5BA48D5DFDA",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2529662-8A54-4DFC-80E7-922CF22DE2F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AB39E09-A441-4F95-9F38-44942BDE98AD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9725A9F-B9B9-4784-AEEA-A5E5CE0A41F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45953505-EF91-4825-95CD-51EE86D694A5",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2702FE73-E4AC-45C7-A212-44D783720798",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx65w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A471D3-2D62-4458-ADDE-53D60E55966C",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx65w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69A23113-F7E1-4587-A4FF-A4AAB446A69D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx65_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C6574B-E879-4813-9516-93B41EBDFBD3",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "17.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx65:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3099A12-2D6F-4486-A690-1C809AF480B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx64w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D24D11CA-67C0-4376-91DE-F62118062FED",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx64w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1038F5F-020D-41FD-9C3D-F2685F1EA916",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx64_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "553AC2DF-6F85-40D3-B3B1-F979364BA4BD",
"versionEndIncluding": "18.211.2",
"versionStartIncluding": "17.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE749570-1EA6-4734-B96A-D02B3BA3A756",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\r\nThis vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el servidor VPN de Cisco AnyConnect de los dispositivos Cisco Meraki MX y Cisco Meraki Z Series Teleworker Gateway podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el servicio AnyConnect de un dispositivo afectado. Esta vulnerabilidad se debe a una gesti\u00f3n insuficiente de los recursos al establecer sesiones TLS/SSL. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una serie de mensajes TLS/SSL manipulados al servidor VPN de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante hacer que el servidor VPN de Cisco AnyConnect deje de aceptar nuevas conexiones, lo que impedir\u00eda que se establecieran nuevas conexiones VPN SSL. Las sesiones VPN SSL existentes no se ven afectadas. Nota: Cuando el tr\u00e1fico del ataque se detiene, el servidor VPN de Cisco AnyConnect se recupera sin problemas sin necesidad de intervenci\u00f3n manual."
}
],
"id": "CVE-2024-20500",
"lastModified": "2024-10-08T18:27:19.347",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-02T19:15:14.350",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-02 19:15
Modified
2024-10-08 21:16
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device.
This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx65_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C6574B-E879-4813-9516-93B41EBDFBD3",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "17.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx65:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3099A12-2D6F-4486-A690-1C809AF480B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx64_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23FA0FF8-5926-4623-9348-4347331C5F3F",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "17.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE749570-1EA6-4734-B96A-D02B3BA3A756",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z4c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B63AAC8-D59D-4EF1-829E-11E9CB18A41F",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE09C2D-9F52-4C72-9D7C-F9AF710D1174",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F62D4319-19DA-4DC0-88D0-DE859504EA6D",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36770C3B-F962-48FB-9D9F-3EABB1F10EFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z3c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C73DAF-C7AF-4090-8F96-3D6F93A1DABD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z3c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6646F004-E0E0-4316-A022-2793C28FBCCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4FD3B4-FD1F-4340-B4AC-D76C11DAD4D5",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB81CFD0-9558-47AB-96E4-CB21C1AA9159",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_vmx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96D29083-7535-4B23-9141-BF6CE2824184",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_vmx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CE4DAD-7FA3-4D1B-A24F-D2B9F4F331BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8F2FA1-B439-4978-AD2B-34C98310D894",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4CF5E0-A7D0-4C9D-A180-16288BE3AC1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D620C14D-7724-4C38-83A6-E33328EDE7C3",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B35EB71-8584-4803-A438-AEC406FD8445",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A61EA9B6-126D-4174-8BEF-7FD311724C03",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACA552D-78D3-4312-9537-28ADBB15E08A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "869396D2-5CB1-45FF-8CC8-C6BA17548076",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6CBE98-6B20-4F05-8871-0BEAD1D351B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx105_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C86B5EA0-85E7-4B8D-83AE-445A2C945CB2",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx105:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291C7E3A-74D1-4326-87A4-F60D60E3DC37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF66E98-18FB-4862-96C6-090F9B563AAC",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4DE139-CCB5-4BDD-8827-07348B8F0FF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx95_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40A18D40-3168-4270-A019-0FFB3652BD64",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx95:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35740A98-6486-458C-99A9-8E23A781C917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx85_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC297617-CF3B-4CD5-8E5B-14A5A58BB1AD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx85:-:*:*:*:*:*:*:*",
"matchCriteriaId": "410A121A-037A-4D44-A35F-7AE41F93E5AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx84_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E4FB60C-E46F-4D0F-9C01-2D2670334694",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx84:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A4239D-E115-4368-895A-002BBD94F243",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "995A6C94-CC7F-4CA4-8815-693E491652B4",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A892F3D-62F9-4B04-94E8-FD803159C47B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900C8DC4-EF1C-4762-A517-F67665F3D724",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03F9C184-3811-4A26-846D-54ECE7CF939F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68cw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0118FD5D-0D25-4984-A6EB-40EF70B85144",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68cw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18E682AA-05AD-483F-915F-A2B2C98233B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE27942F-86F1-480C-AFA1-762A5A9E775F",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6B4B5E-4FBB-48A9-B828-00C8AB479FB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87EE31D0-87F7-4943-96CC-D5BA48D5DFDA",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2529662-8A54-4DFC-80E7-922CF22DE2F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AB39E09-A441-4F95-9F38-44942BDE98AD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9725A9F-B9B9-4784-AEEA-A5E5CE0A41F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45953505-EF91-4825-95CD-51EE86D694A5",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2702FE73-E4AC-45C7-A212-44D783720798",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx65w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A471D3-2D62-4458-ADDE-53D60E55966C",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx65w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69A23113-F7E1-4587-A4FF-A4AAB446A69D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx64w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D24D11CA-67C0-4376-91DE-F62118062FED",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx64w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1038F5F-020D-41FD-9C3D-F2685F1EA916",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device.\r\n\r\nThis vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el servidor VPN de Cisco AnyConnect de los dispositivos Cisco Meraki MX y Cisco Meraki Z Series Teleworker Gateway podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) para usuarios espec\u00edficos del servicio AnyConnect en un dispositivo afectado. Esta vulnerabilidad se debe a una entrop\u00eda insuficiente para los controladores que se utilizan durante el establecimiento de una sesi\u00f3n VPN SSL. Un atacante no autenticado podr\u00eda explotar esta vulnerabilidad mediante la fuerza bruta de controladores de sesi\u00f3n v\u00e1lidos. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad conect\u00e1ndose al servicio VPN AnyConnect de un dispositivo afectado para recuperar un controlador de sesi\u00f3n v\u00e1lido y, en funci\u00f3n de ese controlador, predecir otros controladores de sesi\u00f3n v\u00e1lidos. A continuaci\u00f3n, el atacante enviar\u00eda una solicitud HTTPS manipulada mediante el controlador de sesi\u00f3n forzado o previsto al servidor VPN AnyConnect del dispositivo. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante finalizar sesiones VPN SSL espec\u00edficas, lo que obligar\u00eda a los usuarios remotos a iniciar nuevas conexiones VPN y volver a autenticarse."
}
],
"id": "CVE-2024-20513",
"lastModified": "2024-10-08T21:16:54.820",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-02T19:15:15.210",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-02 19:15
Modified
2024-10-08 18:28
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.
These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.
Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx65_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C6574B-E879-4813-9516-93B41EBDFBD3",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "17.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx65:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3099A12-2D6F-4486-A690-1C809AF480B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx64_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "553AC2DF-6F85-40D3-B3B1-F979364BA4BD",
"versionEndIncluding": "18.211.2",
"versionStartIncluding": "17.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE749570-1EA6-4734-B96A-D02B3BA3A756",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z4c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B63AAC8-D59D-4EF1-829E-11E9CB18A41F",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE09C2D-9F52-4C72-9D7C-F9AF710D1174",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F62D4319-19DA-4DC0-88D0-DE859504EA6D",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36770C3B-F962-48FB-9D9F-3EABB1F10EFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z3c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C73DAF-C7AF-4090-8F96-3D6F93A1DABD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z3c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6646F004-E0E0-4316-A022-2793C28FBCCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4FD3B4-FD1F-4340-B4AC-D76C11DAD4D5",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB81CFD0-9558-47AB-96E4-CB21C1AA9159",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_vmx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96D29083-7535-4B23-9141-BF6CE2824184",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_vmx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CE4DAD-7FA3-4D1B-A24F-D2B9F4F331BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8F2FA1-B439-4978-AD2B-34C98310D894",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4CF5E0-A7D0-4C9D-A180-16288BE3AC1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D620C14D-7724-4C38-83A6-E33328EDE7C3",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B35EB71-8584-4803-A438-AEC406FD8445",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A61EA9B6-126D-4174-8BEF-7FD311724C03",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACA552D-78D3-4312-9537-28ADBB15E08A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "869396D2-5CB1-45FF-8CC8-C6BA17548076",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6CBE98-6B20-4F05-8871-0BEAD1D351B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx105_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C86B5EA0-85E7-4B8D-83AE-445A2C945CB2",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx105:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291C7E3A-74D1-4326-87A4-F60D60E3DC37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF66E98-18FB-4862-96C6-090F9B563AAC",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4DE139-CCB5-4BDD-8827-07348B8F0FF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx95_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40A18D40-3168-4270-A019-0FFB3652BD64",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx95:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35740A98-6486-458C-99A9-8E23A781C917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx85_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC297617-CF3B-4CD5-8E5B-14A5A58BB1AD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx85:-:*:*:*:*:*:*:*",
"matchCriteriaId": "410A121A-037A-4D44-A35F-7AE41F93E5AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx84_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E4FB60C-E46F-4D0F-9C01-2D2670334694",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx84:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A4239D-E115-4368-895A-002BBD94F243",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "995A6C94-CC7F-4CA4-8815-693E491652B4",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A892F3D-62F9-4B04-94E8-FD803159C47B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900C8DC4-EF1C-4762-A517-F67665F3D724",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03F9C184-3811-4A26-846D-54ECE7CF939F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68cw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0118FD5D-0D25-4984-A6EB-40EF70B85144",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68cw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18E682AA-05AD-483F-915F-A2B2C98233B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE27942F-86F1-480C-AFA1-762A5A9E775F",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6B4B5E-4FBB-48A9-B828-00C8AB479FB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87EE31D0-87F7-4943-96CC-D5BA48D5DFDA",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2529662-8A54-4DFC-80E7-922CF22DE2F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AB39E09-A441-4F95-9F38-44942BDE98AD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9725A9F-B9B9-4784-AEEA-A5E5CE0A41F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45953505-EF91-4825-95CD-51EE86D694A5",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2702FE73-E4AC-45C7-A212-44D783720798",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx65w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A471D3-2D62-4458-ADDE-53D60E55966C",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx65w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69A23113-F7E1-4587-A4FF-A4AAB446A69D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx64w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D24D11CA-67C0-4376-91DE-F62118062FED",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx64w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1038F5F-020D-41FD-9C3D-F2685F1EA916",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\r\nThese vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
},
{
"lang": "es",
"value": "Varias vulnerabilidades en el servidor VPN de Cisco AnyConnect de los dispositivos Cisco Meraki MX y Cisco Meraki Z Series Teleworker Gateway podr\u00edan permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el servicio AnyConnect de un dispositivo afectado. Estas vulnerabilidades se deben a una validaci\u00f3n insuficiente de los par\u00e1metros proporcionados por el cliente al establecer una sesi\u00f3n VPN SSL. Un atacante podr\u00eda aprovechar estas vulnerabilidades enviando una solicitud HTTPS manipulada al servidor VPN de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante haga que el servidor VPN de Cisco AnyConnect se reinicie, lo que provocar\u00eda la falla de las conexiones VPN SSL establecidas y obligar\u00eda a los usuarios remotos a iniciar una nueva conexi\u00f3n VPN y volver a autenticarse. Un ataque sostenido podr\u00eda evitar que se establezcan nuevas conexiones VPN SSL. Nota: Cuando el tr\u00e1fico del ataque se detiene, el servidor VPN de Cisco AnyConnect se recupera sin problemas sin necesidad de intervenci\u00f3n manual."
}
],
"id": "CVE-2024-20501",
"lastModified": "2024-10-08T18:28:51.753",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-02T19:15:14.570",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-26 16:09
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1B5DAC-CE54-43E4-89F6-6DFD7A65C8EA",
"versionEndExcluding": "6.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:2.9.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2986D5BD-1936-41BD-A992-7672C019F27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:2.9.15:*:*:*:*:*:*:*",
"matchCriteriaId": "42493B4F-0CF2-45F0-B72D-36F0597CC274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:2.9.16:*:*:*:*:*:*:*",
"matchCriteriaId": "06F2E7D8-BB95-480D-AE3E-F9B97C3A5379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:2.9.17:*:*:*:*:*:*:*",
"matchCriteriaId": "6F41C382-C849-465C-AF77-0A787CA03BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:2.9.18:*:*:*:*:*:*:*",
"matchCriteriaId": "80AD91C6-B7E3-48AC-8A51-3C05FE2659AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "408B880A-50EF-4246-BF38-213D812BD0BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72B91784-38A9-4A2A-AA92-8AB558924BBD",
"versionEndExcluding": "17.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D2305B-B69E-4F74-A44E-07B3205CE9F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26DD41B3-1D1D-44D3-BA8E-5A66AFEE77E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AAD4397-6DCF-493A-BD61-3A890F6F3AB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2F0A8E-97F6-41AC-BE67-4B2D60F9D36B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9229F3-7BCE-46C4-9879-D57B5BAAE44E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A606FE-E6F1-43F9-B1CD-D9DF35FC3573",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C8AED7C-DDA3-4C29-BB95-6518C02C551A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9421DBEF-AE42-4234-B49F-FCC34B804D7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5419CB9F-241F-4431-914F-2659BE27BEA5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE02DBE-EAD5-4F37-8AB7-DF46A605A0E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5720462A-BE6B-4E84-A1A1-01E80BBA86AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4451-x_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "818CEFA6-208C-43C3-8E43-474A93ADCF21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B60888-6E2B-494E-AC65-83337661EE7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:csr_1000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF8B0B49-2C99-410B-B011-5B821C5992FB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:isa_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9510E97A-FD78-43C6-85BC-223001ACA264",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*",
"matchCriteriaId": "715F9721-D26C-4086-873F-837D0FCAF1A5",
"versionEndExcluding": "2.9.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx64_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BCF0950-162A-4E47-BA2A-43701EA7782E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE749570-1EA6-4734-B96A-D02B3BA3A756",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx64w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15CD8683-DFB3-45E3-B6E2-92AFD846B0BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx64w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1038F5F-020D-41FD-9C3D-F2685F1EA916",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF993C79-4C7F-4B99-B8BB-3996C4F3D8F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2702FE73-E4AC-45C7-A212-44D783720798",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C6A8AAC-9813-45C9-8C69-0579C0ADA0C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9725A9F-B9B9-4784-AEEA-A5E5CE0A41F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B2F5CB3-1AE0-4905-A28B-090FDA56622E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2529662-8A54-4DFC-80E7-922CF22DE2F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24AB6590-8775-4744-BF84-892F0BD10225",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6B4B5E-4FBB-48A9-B828-00C8AB479FB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68cw_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39884334-73AF-4E98-B05A-20FFF82B5DF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68cw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18E682AA-05AD-483F-915F-A2B2C98233B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85EF67F0-973F-4FD1-8077-CE68D2AB1149",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03F9C184-3811-4A26-846D-54ECE7CF939F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77C0B39F-AE49-44D7-8951-9DB0464FE43B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4DE139-CCB5-4BDD-8827-07348B8F0FF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx84_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8398495B-47DB-4A16-AF8C-053685D5DD9C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx84:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A4239D-E115-4368-895A-002BBD94F243",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx250_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90EC4BA2-0FA2-4841-9AB1-3FC92D22530D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6CBE98-6B20-4F05-8871-0BEAD1D351B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A685A8D6-9B97-46B3-8087-0D44EE0D65AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B35EB71-8584-4803-A438-AEC406FD8445",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload."
},
{
"lang": "es",
"value": "M\u00faltiples productos de Cisco est\u00e1n afectados por una vulnerabilidad con TCP Fast Open (TFO) cuando se usan en conjunto con el motor de detecci\u00f3n Snort que podr\u00eda permitir a un atacante remoto no autenticado omitir una pol\u00edtica de archivos configurada para HTTP.\u0026#xa0;La vulnerabilidad es debido a la detecci\u00f3n incorrecta de la carga \u00fatil HTTP si est\u00e1 contenida al menos parcialmente dentro del protocolo de enlace de la conexi\u00f3n TFO.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de paquetes TFO dise\u00f1ados con una carga \u00fatil HTTP a trav\u00e9s de un dispositivo afectado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante omitir la pol\u00edtica de archivos configurada para paquetes HTTP y entregar una carga \u00fatil maliciosa."
}
],
"id": "CVE-2021-1224",
"lastModified": "2024-11-26T16:09:02.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-13T22:15:20.410",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-tfo-bypass-MmzZrtes"
},
{
"source": "ykramarz@cisco.com",
"url": "https://www.debian.org/security/2023/dsa-5354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-tfo-bypass-MmzZrtes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2023/dsa-5354"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-02 19:15
Modified
2024-10-08 18:46
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted.
Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx65_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C6574B-E879-4813-9516-93B41EBDFBD3",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "17.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx65:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3099A12-2D6F-4486-A690-1C809AF480B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx64_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23FA0FF8-5926-4623-9348-4347331C5F3F",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "17.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE749570-1EA6-4734-B96A-D02B3BA3A756",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z4c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B63AAC8-D59D-4EF1-829E-11E9CB18A41F",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE09C2D-9F52-4C72-9D7C-F9AF710D1174",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F62D4319-19DA-4DC0-88D0-DE859504EA6D",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36770C3B-F962-48FB-9D9F-3EABB1F10EFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z3c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C73DAF-C7AF-4090-8F96-3D6F93A1DABD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z3c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6646F004-E0E0-4316-A022-2793C28FBCCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_z3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4FD3B4-FD1F-4340-B4AC-D76C11DAD4D5",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_z3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB81CFD0-9558-47AB-96E4-CB21C1AA9159",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_vmx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96D29083-7535-4B23-9141-BF6CE2824184",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_vmx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CE4DAD-7FA3-4D1B-A24F-D2B9F4F331BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8F2FA1-B439-4978-AD2B-34C98310D894",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4CF5E0-A7D0-4C9D-A180-16288BE3AC1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D620C14D-7724-4C38-83A6-E33328EDE7C3",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B35EB71-8584-4803-A438-AEC406FD8445",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A61EA9B6-126D-4174-8BEF-7FD311724C03",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACA552D-78D3-4312-9537-28ADBB15E08A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "869396D2-5CB1-45FF-8CC8-C6BA17548076",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6CBE98-6B20-4F05-8871-0BEAD1D351B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx105_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C86B5EA0-85E7-4B8D-83AE-445A2C945CB2",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx105:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291C7E3A-74D1-4326-87A4-F60D60E3DC37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF66E98-18FB-4862-96C6-090F9B563AAC",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4DE139-CCB5-4BDD-8827-07348B8F0FF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx95_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40A18D40-3168-4270-A019-0FFB3652BD64",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx95:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35740A98-6486-458C-99A9-8E23A781C917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx85_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC297617-CF3B-4CD5-8E5B-14A5A58BB1AD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx85:-:*:*:*:*:*:*:*",
"matchCriteriaId": "410A121A-037A-4D44-A35F-7AE41F93E5AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx84_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E4FB60C-E46F-4D0F-9C01-2D2670334694",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx84:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A4239D-E115-4368-895A-002BBD94F243",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx75_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "995A6C94-CC7F-4CA4-8815-693E491652B4",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A892F3D-62F9-4B04-94E8-FD803159C47B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900C8DC4-EF1C-4762-A517-F67665F3D724",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03F9C184-3811-4A26-846D-54ECE7CF939F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68cw_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0118FD5D-0D25-4984-A6EB-40EF70B85144",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68cw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18E682AA-05AD-483F-915F-A2B2C98233B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx68_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE27942F-86F1-480C-AFA1-762A5A9E775F",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx68:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6B4B5E-4FBB-48A9-B828-00C8AB479FB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87EE31D0-87F7-4943-96CC-D5BA48D5DFDA",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2529662-8A54-4DFC-80E7-922CF22DE2F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AB39E09-A441-4F95-9F38-44942BDE98AD",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9725A9F-B9B9-4784-AEEA-A5E5CE0A41F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx67_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45953505-EF91-4825-95CD-51EE86D694A5",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx67:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2702FE73-E4AC-45C7-A212-44D783720798",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx65w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A471D3-2D62-4458-ADDE-53D60E55966C",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx65w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69A23113-F7E1-4587-A4FF-A4AAB446A69D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:meraki_mx64w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D24D11CA-67C0-4376-91DE-F62118062FED",
"versionEndExcluding": "18.211.2",
"versionStartIncluding": "16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:meraki_mx64w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1038F5F-020D-41FD-9C3D-F2685F1EA916",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el servidor VPN de Cisco AnyConnect de los dispositivos Cisco Meraki MX y Cisco Meraki Z Series Teleworker Gateway podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a una gesti\u00f3n insuficiente de los recursos al establecer sesiones VPN SSL. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una serie de solicitudes HTTPS manipuladas al servidor VPN de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante hacer que el servidor VPN de Cisco AnyConnect deje de aceptar nuevas conexiones, lo que impedir\u00eda que se establecieran nuevas conexiones VPN SSL. Las sesiones VPN SSL existentes no se ven afectadas. Nota: Cuando el tr\u00e1fico del ataque se detiene, el servidor VPN de Cisco AnyConnect se recupera sin problemas sin necesidad de intervenci\u00f3n manual."
}
],
"id": "CVE-2024-20502",
"lastModified": "2024-10-08T18:46:38.437",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-02T19:15:14.780",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2024-20513
Vulnerability from cvelistv5
Published
2024-10-02 18:23
Modified
2024-10-02 19:48
Severity ?
EPSS score ?
Summary
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device.
This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Meraki MX Firmware |
Version: N/A |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T19:48:03.244649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T19:48:23.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Meraki MX Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device.\r\n\r\nThis vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate."
}
],
"exploits": [
{
"lang": "en",
"value": "Neither the Cisco Product Security Incident Response Team (PSIRT) nor the Cisco Meraki Incident Response Team is aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T18:23:54.411Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-meraki-mx-vpn-dos-QTRHzG2",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2"
}
],
"source": {
"advisory": "cisco-sa-meraki-mx-vpn-dos-QTRHzG2",
"discovery": "INTERNAL"
},
"title": "Cisco Meraki MX and Z3 Teleworker Gateway AnyConnect VPN Targeted Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20513",
"datePublished": "2024-10-02T18:23:54.411Z",
"dateReserved": "2023-11-08T15:08:07.689Z",
"dateUpdated": "2024-10-02T19:48:23.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-1224
Vulnerability from cvelistv5
Published
2021-01-13 21:16
Modified
2024-11-12 20:48
Severity ?
EPSS score ?
Summary
Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Firepower Threat Defense Software |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:02:56.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210113 Multiple Cisco Products Snort TCP Fast Open File Policy Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-tfo-bypass-MmzZrtes"
},
{
"name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3317-1] snort security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
},
{
"name": "DSA-5354",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5354"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1224",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:06:11.617988Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:48:38.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-19T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210113 Multiple Cisco Products Snort TCP Fast Open File Policy Bypass Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-tfo-bypass-MmzZrtes"
},
{
"name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3317-1] snort security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
},
{
"name": "DSA-5354",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5354"
}
],
"source": {
"advisory": "cisco-sa-snort-tfo-bypass-MmzZrtes",
"defect": [
[
"CSCvt43136",
"CSCvu88532"
]
],
"discovery": "INTERNAL"
},
"title": "Multiple Cisco Products Snort TCP Fast Open File Policy Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1224",
"datePublished": "2021-01-13T21:16:53.450812Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-12T20:48:38.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20502
Vulnerability from cvelistv5
Published
2024-10-02 18:23
Modified
2024-10-02 19:01
Severity ?
EPSS score ?
Summary
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted.
Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Meraki MX Firmware |
Version: N/A |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:cisco:meraki_mx:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "meraki_mx",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cisco:meraki_z1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "meraki_z1",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T18:59:14.837416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T19:01:09.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Meraki MX Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
}
],
"exploits": [
{
"lang": "en",
"value": "Neither the Cisco Product Security Incident Response Team (PSIRT) nor the Cisco Meraki Incident Response Team is aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T18:23:45.163Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-meraki-mx-vpn-dos-QTRHzG2",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2"
}
],
"source": {
"advisory": "cisco-sa-meraki-mx-vpn-dos-QTRHzG2",
"discovery": "INTERNAL"
},
"title": "Cisco Meraki MX and Z3 Teleworker Gateway AnyConnect VPN Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20502",
"datePublished": "2024-10-02T18:23:45.163Z",
"dateReserved": "2023-11-08T15:08:07.687Z",
"dateUpdated": "2024-10-02T19:01:09.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20500
Vulnerability from cvelistv5
Published
2024-10-02 18:23
Modified
2024-10-02 19:05
Severity ?
EPSS score ?
Summary
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.
This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted.
Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Meraki MX Firmware |
Version: N/A |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:cisco:meraki_mx:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "meraki_mx",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cisco:meraki_z1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "meraki_z1",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20500",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T19:05:10.593025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T19:05:52.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Meraki MX Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\r\nThis vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
}
],
"exploits": [
{
"lang": "en",
"value": "Neither the Cisco Product Security Incident Response Team (PSIRT) nor the Cisco Meraki Incident Response Team is aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T18:23:19.259Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-meraki-mx-vpn-dos-QTRHzG2",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2"
}
],
"source": {
"advisory": "cisco-sa-meraki-mx-vpn-dos-QTRHzG2",
"discovery": "INTERNAL"
},
"title": "Cisco Meraki MX and Z3 Teleworker Gateway AnyConnect VPN Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20500",
"datePublished": "2024-10-02T18:23:19.259Z",
"dateReserved": "2023-11-08T15:08:07.687Z",
"dateUpdated": "2024-10-02T19:05:52.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20501
Vulnerability from cvelistv5
Published
2024-10-02 18:23
Modified
2024-10-02 19:03
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.
These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.
Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Meraki MX Firmware |
Version: N/A |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:cisco:meraki_mx:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "meraki_mx",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cisco:meraki_z1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "meraki_z1",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T19:01:58.939883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T19:03:03.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Meraki MX Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\r\nThese vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
}
],
"exploits": [
{
"lang": "en",
"value": "Neither the Cisco Product Security Incident Response Team (PSIRT) nor the Cisco Meraki Incident Response Team is aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T18:23:35.875Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-meraki-mx-vpn-dos-QTRHzG2",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2"
}
],
"source": {
"advisory": "cisco-sa-meraki-mx-vpn-dos-QTRHzG2",
"defects": [
"CSCwh53896"
],
"discovery": "INTERNAL"
},
"title": "Cisco Meraki MX and Z3 Teleworker Gateway AnyConnect VPN Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20501",
"datePublished": "2024-10-02T18:23:35.875Z",
"dateReserved": "2023-11-08T15:08:07.687Z",
"dateUpdated": "2024-10-02T19:03:03.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20498
Vulnerability from cvelistv5
Published
2024-10-02 18:23
Modified
2024-10-02 19:08
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.
These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.
Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Meraki MX Firmware |
Version: N/A |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:cisco:meraki_mx:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "meraki_mx",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cisco:meraki_z1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "meraki_z1",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20498",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T19:07:18.453595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T19:08:07.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Meraki MX Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\r\nThese vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
}
],
"exploits": [
{
"lang": "en",
"value": "Neither the Cisco Product Security Incident Response Team (PSIRT) nor the Cisco Meraki Incident Response Team is aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "Double Free",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T18:23:11.523Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-meraki-mx-vpn-dos-QTRHzG2",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2"
}
],
"source": {
"advisory": "cisco-sa-meraki-mx-vpn-dos-QTRHzG2",
"discovery": "INTERNAL"
},
"title": "Cisco Meraki MX and Z3 Teleworker Gateway AnyConnect VPN Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20498",
"datePublished": "2024-10-02T18:23:11.523Z",
"dateReserved": "2023-11-08T15:08:07.686Z",
"dateUpdated": "2024-10-02T19:08:07.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20509
Vulnerability from cvelistv5
Published
2024-10-02 18:24
Modified
2024-10-02 19:51
Severity ?
EPSS score ?
Summary
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device.
This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Meraki MX Firmware |
Version: N/A |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T19:50:56.321761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T19:51:14.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Meraki MX Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device.\r\n\r\nThis vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "Neither the Cisco PSIRT nor the Cisco Meraki Incident Response Team is aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T18:24:42.768Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-meraki-mx-vpn-dos-by-QWUkqV7X",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-by-QWUkqV7X"
}
],
"source": {
"advisory": "cisco-sa-meraki-mx-vpn-dos-by-QWUkqV7X",
"discovery": "INTERNAL"
},
"title": "Cisco Meraki MX and Z3 Teleworker Gateway AnyConnect VPN Session Takeover and Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20509",
"datePublished": "2024-10-02T18:24:42.768Z",
"dateReserved": "2023-11-08T15:08:07.688Z",
"dateUpdated": "2024-10-02T19:51:14.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20499
Vulnerability from cvelistv5
Published
2024-10-02 18:23
Modified
2024-10-02 19:04
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.
These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.
Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Meraki MX Firmware |
Version: N/A |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:cisco:meraki_mx:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "meraki_mx",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cisco:meraki_z1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "meraki_z1",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T19:03:30.783849Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T19:04:46.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Meraki MX Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device.\r\n\r\nThese vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\nNote: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention."
}
],
"exploits": [
{
"lang": "en",
"value": "Neither the Cisco Product Security Incident Response Team (PSIRT) nor the Cisco Meraki Incident Response Team is aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T18:23:26.563Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-meraki-mx-vpn-dos-QTRHzG2",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2"
}
],
"source": {
"advisory": "cisco-sa-meraki-mx-vpn-dos-QTRHzG2",
"discovery": "INTERNAL"
},
"title": "Cisco Meraki MX and Z3 Teleworker Gateway AnyConnect VPN Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20499",
"datePublished": "2024-10-02T18:23:26.563Z",
"dateReserved": "2023-11-08T15:08:07.686Z",
"dateUpdated": "2024-10-02T19:04:46.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}