Cisco AnyConnect VPN Server, Remote Users Vulnerable to DoS Attacks
CVE-2024-20501
Summary
Multiple vulnerabilities identified in the Cisco AnyConnect VPN service of Cisco Meraki MX and Z Series devices can allow an unauthenticated remote attacker to create a Denial of Service (DoS) condition. These vulnerabilities stem from inadequate validation of parameters provided by clients during the establishment of SSL VPN sessions. An attacker can exploit these weaknesses by sending specially crafted HTTPS requests to the VPN server, resulting in a potential restart of the Cisco AnyConnect service. This restart disrupts existing SSL VPN connections, requiring remote users to reconnect and reauthenticate. Persistent attack traffic may lead to an inability to establish new VPN connections. Fortunately, the Cisco AnyConnect VPN server can recover autonomously once the attack ceases, without requiring any manual intervention.
Affected Version(s)
Cisco Meraki MX Firmware