Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.6
CVSSv3

CVE-2022-20933

Published: 26/10/2022 Updated: 07/11/2023
CVSS v3 Base Score: 8.6 | Impact Score: 4 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Meraki Mx64 Firmware

Vulnerability Summary

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could allow the malicious user to cause the Cisco AnyConnect VPN server to crash and restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. Cisco Meraki has released software updates that address this vulnerability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco meraki_mx64_firmware

cisco meraki_mx64w_firmware

cisco meraki_mx65_firmware

cisco meraki_mx65w_firmware

cisco meraki_mx67_firmware

cisco meraki_mx67cw_firmware

cisco meraki_mx67w_firmware

cisco meraki_mx68_firmware

cisco meraki_mx68cw_firmware

cisco meraki_mx68w_firmware

cisco meraki_mx75_firmware

cisco meraki_mx84_firmware

cisco meraki_mx85_firmware

cisco meraki_mx95_firmware

cisco meraki_mx100_firmware

cisco meraki_mx105_firmware

cisco meraki_mx250_firmware

cisco meraki_mx400_firmware

cisco meraki_mx450_firmware

cisco meraki_mx600_firmware

cisco meraki_vmx_firmware

cisco meraki_z3c_firmware -

cisco meraki_z3_firmware -

Vendor Advisories

Cisco: Cisco Meraki MX and Z3 Teleworker Gateway VPN Denial of Service Vulnerability
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN sess ...

References

NVD-CWE-Otherhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vnESbgBfhttps://nvd.nist.govhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vnESbgBf
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook