
Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Session Takeover and Denial of Service Vulnerability

Advisory ID: cisco-sa-meraki-mx-vpn-dos-by-QWUkqV7X · Severity: Medium

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device. This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process, as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device. Cisco Meraki has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-by-QWUkqV7X

Workarounds

There are no workarounds that address this vulnerability. Cisco Meraki recommends that administrators upgrade devices to a fixed software release.

However, disabling Cisco AnyConnect VPN will remove the attack vector for the vulnerability that is described in this advisory.

While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

CVEs: CVE-2024-20509
Cisco Bug IDs: NA
CVSS Score: Base 5.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:X/RL:X/RC:X
Product Names From Source: Cisco Meraki MX Firmware

Related Products

Product                                            CVE              Evidence
Cisco RV Series Routers                            CVE-2024-20509   Cisco OpenVuln
Cisco Nexus Dashboard                              CVE-2024-20509   Cisco OpenVuln
Cisco Meraki Z4 teleworker gateways                CVE-2024-20509   Cisco OpenVuln
Cisco Meraki MX security and SD-WAN appliances     CVE-2024-20509   Cisco OpenVuln
Cisco Meraki Dashboard / Meraki firmware           CVE-2024-20509   Cisco OpenVuln
Cisco Meraki MX Firmware                           CVE-2024-20509   Cisco OpenVuln