Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-20500

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.

Published

2024-10-02T19:15:14.350

Last Modified

2025-06-04T21:15:36.527

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-400
Type: Primary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	meraki_z4c_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_z4c	-	No
Operating System	cisco	meraki_z4_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_z4	-	No
Operating System	cisco	meraki_z3c_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_z3c	-	No
Operating System	cisco	meraki_z3_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_z3	-	No
Operating System	cisco	meraki_vmx_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_vmx	-	No
Operating System	cisco	meraki_mx600_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx600	-	No
Operating System	cisco	meraki_mx450_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx450	-	No
Operating System	cisco	meraki_mx400_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx400	-	No
Operating System	cisco	meraki_mx250_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx250	-	No
Operating System	cisco	meraki_mx105_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx105	-	No
Operating System	cisco	meraki_mx100_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx100	-	No
Operating System	cisco	meraki_mx95_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx95	-	No
Operating System	cisco	meraki_mx85_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx85	-	No
Operating System	cisco	meraki_mx84_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx84	-	No
Operating System	cisco	meraki_mx75_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx75	-	No
Operating System	cisco	meraki_mx68w_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx68w	-	No
Operating System	cisco	meraki_mx68cw_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx68cw	-	No
Operating System	cisco	meraki_mx68_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx68	-	No
Operating System	cisco	meraki_mx67w_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx67w	-	No
Operating System	cisco	meraki_mx67c_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx67c	-	No
Operating System	cisco	meraki_mx67_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx67	-	No
Operating System	cisco	meraki_mx65w_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx65w	-	No
Operating System	cisco	meraki_mx65_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx65	-	No
Operating System	cisco	meraki_mx64w_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx64w	-	No
Operating System	cisco	meraki_mx64_firmware	≤ 18.211.2	Yes
Hardware	cisco	meraki_mx64	-	No

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2 Vendor Advisory ([email protected])