CVE-2024-20500

MEDIUM

Cisco Meraki MX and Z Series Firmware 16.2-18.211.2 - Unauthenticated Denial of Service via TLS/SSL Session Flood

Title source: llm

Description

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.

References (1)

Core 1

Core References

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2

Scores

CVSS v3 5.8

EPSS 0.0036

EPSS Percentile 58.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (25)

cisco/meraki_mx100_firmware 16.2 - 18.211.2

cisco/meraki_mx105_firmware 16.2 - 18.211.2

cisco/meraki_mx250_firmware 16.2 - 18.211.2

cisco/meraki_mx400_firmware 16.2 - 18.211.2

cisco/meraki_mx450_firmware 16.2 - 18.211.2

cisco/meraki_mx600_firmware 16.2 - 18.211.2

cisco/meraki_mx64_firmware 17.6.0 - 18.211.2

cisco/meraki_mx64w_firmware 16.2 - 18.211.2

cisco/meraki_mx65_firmware 17.6.0 - 18.211.2

cisco/meraki_mx65w_firmware 16.2 - 18.211.2

... and 15 more

Published Oct 02, 2024

Tracked Since Feb 18, 2026