Vulnslist

find the latest Cisco vulnerabilities

Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities

cisco-sa-meraki-mx-vpn-dos-QTRHzG2 · High · Published · Updated

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition to the AnyConnect VPN service on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Meraki has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

Cisco Meraki recommends that administrators upgrade devices to a fixed software release. However, as a mitigation to these vulnerabilities, disabling Cisco AnyConnect VPN will remove the attack vector for the vulnerabilities that are described in this advisory.

While this mitigation has been deployed and were proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

CVEsCVE-2024-20498, CVE-2024-20499, CVE-2024-20500, CVE-2024-20501, CVE-2024-20502, CVE-2024-20513
Cisco Bug IDsNA
CVSS ScoreBase 8.6
Base 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X
Base 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:X/RL:X/RC:X
Product Names From Source
Cisco Meraki MX Firmware

Related Products

Product CVE Evidence
Cisco RV Series Routers CVE-2024-20513 Cisco OpenVuln
Cisco RV Series Routers CVE-2024-20502 Cisco OpenVuln
Cisco RV Series Routers CVE-2024-20501 Cisco OpenVuln
Cisco RV Series Routers CVE-2024-20500 Cisco OpenVuln
Cisco RV Series Routers CVE-2024-20499 Cisco OpenVuln
Cisco RV Series Routers CVE-2024-20498 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2024-20513 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2024-20502 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2024-20501 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2024-20500 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2024-20499 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2024-20498 Cisco OpenVuln
Cisco Meraki Z4 teleworker gateways CVE-2024-20513 Cisco OpenVuln
Cisco Meraki Z4 teleworker gateways CVE-2024-20502 Cisco OpenVuln
Cisco Meraki Z4 teleworker gateways CVE-2024-20501 Cisco OpenVuln
Cisco Meraki Z4 teleworker gateways CVE-2024-20500 Cisco OpenVuln
Cisco Meraki Z4 teleworker gateways CVE-2024-20499 Cisco OpenVuln
Cisco Meraki Z4 teleworker gateways CVE-2024-20498 Cisco OpenVuln
Cisco Meraki MX security and SD-WAN appliances CVE-2024-20513 Cisco OpenVuln
Cisco Meraki MX security and SD-WAN appliances CVE-2024-20502 Cisco OpenVuln
Cisco Meraki MX security and SD-WAN appliances CVE-2024-20501 Cisco OpenVuln
Cisco Meraki MX security and SD-WAN appliances CVE-2024-20500 Cisco OpenVuln
Cisco Meraki MX security and SD-WAN appliances CVE-2024-20499 Cisco OpenVuln
Cisco Meraki MX security and SD-WAN appliances CVE-2024-20498 Cisco OpenVuln
Cisco Meraki Dashboard / Meraki firmware CVE-2024-20513 Cisco OpenVuln
Cisco Meraki Dashboard / Meraki firmware CVE-2024-20502 Cisco OpenVuln
Cisco Meraki Dashboard / Meraki firmware CVE-2024-20501 Cisco OpenVuln
Cisco Meraki Dashboard / Meraki firmware CVE-2024-20500 Cisco OpenVuln
Cisco Meraki Dashboard / Meraki firmware CVE-2024-20499 Cisco OpenVuln
Cisco Meraki Dashboard / Meraki firmware CVE-2024-20498 Cisco OpenVuln
Cisco Meraki MX Firmware CVE-2024-20513 Cisco OpenVuln
Cisco Meraki MX Firmware CVE-2024-20502 Cisco OpenVuln
Cisco Meraki MX Firmware CVE-2024-20501 Cisco OpenVuln
Cisco Meraki MX Firmware CVE-2024-20500 Cisco OpenVuln
Cisco Meraki MX Firmware CVE-2024-20499 Cisco OpenVuln
Cisco Meraki MX Firmware CVE-2024-20498 Cisco OpenVuln