CVE-2024-20499

Name of the Vulnerable Software and Affected Versions Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices (affected versions not specified)

Description The issue is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this by sending a crafted HTTPS request to the VPN server of an affected device, causing the Cisco AnyConnect VPN server to restart. This results in the failure of established SSL VPN connections, forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. The server recovers without manual intervention when the attack traffic stops.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.