Detections
Analytics

Cisco Meraki 16.2 / 17 / 18.1 < 18.1.07.12 / 18.2 < 18.2.11.2 Multiple Vulnerabilities (cisco-sa-meraki-mx-vpn-dos-QTRHzG2)

high Nessus Plugin ID 241198

Language:

Synopsis

The remote Cisco Meraki device is potentially missing one or more security-related updates.

Description

The version of the remote Cisco Meraki device is 16.2, 17, 18.1 prior to 18.1.07.12, or 18.2 prior to 18.2.11.2. It is, therefore, potentially affected by multiple vulnerabilities as referenced in the cisco-sa-meraki-mx-vpn-dos-QTRHzG2 advisory, including:

 - Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. (CVE-2024-20498, CVE-2024-20499, CVE-2024-20501)

 - A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. (CVE-2024-20500)

 - A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. (CVE-2024-20502)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Cisco Meraki version 18.1.07.12 or 18.2.11.2 or later.

See Also

http://www.nessus.org/u?c96e4ff7

Plugin Details

Severity: High

ID: 241198

File Name: cisco_meraki_cisco-sa-meraki-mx-vpn-dos-QTRHzG2.nasl

Version: 1.2

Type: remote

Family: CISCO

Published: 7/2/2025

Updated: 7/2/2025

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2024-20498

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/h:cisco:meraki

Required KB Items: Settings/ParanoidReport, installed_sw/Cisco Meraki

Patch Publication Date: 10/2/2024

Vulnerability Publication Date: 10/2/2024

Reference Information

CVE: CVE-2024-20498, CVE-2024-20499, CVE-2024-20500, CVE-2024-20501, CVE-2024-20502, CVE-2024-20513