Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-20513

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device. This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate.

Published

2024-10-02T19:15:15.210

Last Modified

2025-06-04T21:15:37.183

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-639
Type: Primary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	meraki_mx65_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx65	-	No
Operating System	cisco	meraki_mx64_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx64	-	No
Operating System	cisco	meraki_z4c_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_z4c	-	No
Operating System	cisco	meraki_z4_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_z4	-	No
Operating System	cisco	meraki_z3c_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_z3c	-	No
Operating System	cisco	meraki_z3_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_z3	-	No
Operating System	cisco	meraki_vmx_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_vmx	-	No
Operating System	cisco	meraki_mx600_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx600	-	No
Operating System	cisco	meraki_mx450_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx450	-	No
Operating System	cisco	meraki_mx400_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx400	-	No
Operating System	cisco	meraki_mx250_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx250	-	No
Operating System	cisco	meraki_mx105_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx105	-	No
Operating System	cisco	meraki_mx100_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx100	-	No
Operating System	cisco	meraki_mx95_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx95	-	No
Operating System	cisco	meraki_mx85_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx85	-	No
Operating System	cisco	meraki_mx84_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx84	-	No
Operating System	cisco	meraki_mx75_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx75	-	No
Operating System	cisco	meraki_mx68w_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx68w	-	No
Operating System	cisco	meraki_mx68cw_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx68cw	-	No
Operating System	cisco	meraki_mx68_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx68	-	No
Operating System	cisco	meraki_mx67w_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx67w	-	No
Operating System	cisco	meraki_mx67c_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx67c	-	No
Operating System	cisco	meraki_mx67_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx67	-	No
Operating System	cisco	meraki_mx65w_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx65w	-	No
Operating System	cisco	meraki_mx64w_firmware	< 18.211.2	Yes
Hardware	cisco	meraki_mx64w	-	No

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2 Vendor Advisory ([email protected])