Cisco AnyConnect VPN Server, Remote Users Vulnerable to DoS Attacks
CVE-2024-20501
What is CVE-2024-20501?
Multiple vulnerabilities identified in the Cisco AnyConnect VPN service of Cisco Meraki MX and Z Series devices can allow an unauthenticated remote attacker to create a Denial of Service (DoS) condition. These vulnerabilities stem from inadequate validation of parameters provided by clients during the establishment of SSL VPN sessions. An attacker can exploit these weaknesses by sending specially crafted HTTPS requests to the VPN server, resulting in a potential restart of the Cisco AnyConnect service. This restart disrupts existing SSL VPN connections, requiring remote users to reconnect and reauthenticate. Persistent attack traffic may lead to an inability to establish new VPN connections. Fortunately, the Cisco AnyConnect VPN server can recover autonomously once the attack ceases, without requiring any manual intervention.

Affected Version(s)
Cisco Meraki MX Firmware
References
CVSS V3.1
Timeline
Exploit known to exist
Vulnerability published
Vulnerability Reserved