CVE-2024-20500

Published: Oct 2, 2024Modified: Jun 4, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.

Affected (25)

25 products

Meraki Mx600 Firmware

Meraki Mx450 Firmware

Meraki Mx400 Firmware

Meraki Mx250 Firmware

Meraki Mx105 Firmware

Meraki Mx100 Firmware

Meraki Mx68w Firmware

Meraki Mx68cw Firmware

Meraki Mx68 Firmware

Meraki Mx67w Firmware

Meraki Mx67c Firmware

Meraki Mx67 Firmware

Meraki Mx65w Firmware

Meraki Mx65 Firmware

Meraki Mx64w Firmware

Meraki Mx64 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Z4c Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Z4c	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Z4 Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Z4	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Z3c Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Z3c	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Z3 Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Z3	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Vmx Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Vmx	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx600 Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx600	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx450 Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx450	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx400 Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx400	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx250 Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx250	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx105 Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx105	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx100 Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx100	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx95 Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx95	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx85 Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx85	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx84 Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx84	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx75 Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx75	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx68w Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx68w	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx68cw Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx68cw	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx68 Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx68	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx67w Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx67w	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx67c Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx67c	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx67 Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx67	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx65w Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx65w	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx65 Firmware	From 17.6.0 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx65	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx64w Firmware	From 16.2 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx64w	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Meraki Mx64 Firmware	From 17.6.0 to 18.211.2

Running on/with	Platform Versions
Cisco Meraki Mx64	All versions

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (1)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2

Source: psirt@cisco.com

Vendor Advisory

Timeline

No history available yet.