Cisco AnyConnect VPN Server Under Attack: A Potential Denial of Service Vulnerability
CVE-2024-20500

7.5 HIGH

Key Information:

Vendor
Cisco
CVE Published:
2 October 2024

Summary

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Z Series Teleworker Gateway devices allows an unauthenticated, remote attacker to trigger a Denial of Service (DoS) condition. The issue arises from inadequate resource management when handling TLS/SSL sessions. By sending specially crafted TLS/SSL messages to the VPN server, an attacker can cause the server to stop accepting new connections. Existing SSL VPN sessions remain functional, but the inability to establish new connections can severely impact network access for users. Once the attack traffic stops, the Cisco AnyConnect VPN server recovers on its own without manual intervention.

Affected Version(s)

Cisco Meraki MX Firmware

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
