CVE-2022-20933

Name of the Vulnerable Software and Affected Versions Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices (affected versions not specified)

Description A vulnerability in the Cisco AnyConnect VPN server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This issue is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this by crafting a malicious request and sending it to the affected device, causing the Cisco AnyConnect VPN server to crash and restart. This results in the failure of established SSL VPN connections, forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established. When the attack traffic stops, the Cisco AnyConnect VPN server recovers without requiring manual intervention.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.