High-Level Vulnerabilities Found in Cisco Products
Multiple critical vulnerabilities have been discovered in the Cisco AnyConnect VPN server, affecting Cisco Meraki MX and Z Series Teleworker Gateway devices. These vulnerabilities could allow unauthenticated, remote attackers to cause a Denial of Service (DoS) condition on the affected devices.
The vulnerabilities may disrupt VPN services by forcing a VPN server restart or by blocking new VPN connections. The most severe have a CVSS score of 8.6, indicating a high level of risk.
Key Vulnerabilities:
- CVE-2024-20498, CVE-2024-20499, CVE-2024-20501
These vulnerabilities cause a Denial of Service (DoS) condition in the AnyConnect service. Attackers can exploit these vulnerabilities by sending a specially crafted HTTPS request to the VPN server, which results in a VPN server restart and connection failures. The severity level is 8.6 (High).
- CVE-2024-20500
This vulnerability blocks new VPN connections. Attackers can exploit this vulnerability by sending TLS/SSL messages, causing the VPN server to stop accepting new connections. The severity level is 5.8 (Medium).
- CVE-2024-20502
This vulnerability also blocks new VPN connections. Attackers can exploit this vulnerability by sending specially crafted HTTPS requests, causing the VPN server to block new connections. The severity level is 5.8 (Medium).
- CVE-2024-20513
This vulnerability causes a Denial of Service (DoS) condition for targeted users. Attackers can exploit this vulnerability by predicting or brute-forcing session handlers, which results in termination of the targeted VPN sessions. The severity level is 5.8 (Medium).
These vulnerabilities could cause issues in Cisco Meraki MX and Z Series Teleworker Gateway devices, and it is crucial to take necessary actions to address them. To limit the attackers’ capabilities and ensure system security, it is important to apply the updates as soon as possible.