CVE-2024-20502

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.

Severity	MEDIUM
CVSS	5.8
EPSS	-
CWE	CWE-400
KEV
Published	1 year ago
Modified	11 months ago

Related Products

Product	Advisory
Cisco Meraki MX Firmware	cisco-sa-meraki-mx-vpn-dos-QTRHzG2
Cisco Meraki MX security and SD-WAN appliances	cisco-sa-meraki-mx-vpn-dos-QTRHzG2
Cisco Meraki Z4 teleworker gateways	cisco-sa-meraki-mx-vpn-dos-QTRHzG2
Cisco Meraki Dashboard / Meraki firmware	cisco-sa-meraki-mx-vpn-dos-QTRHzG2