SB2024100414 - Multiple vulnerabilities in Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices
Published: October 4, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 vulnerabilities.
1) Double free (CVE-ID: CVE-2024-20498)
CWE-ID: CWE-415 - Double Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. A remote attacker can pass specially crafted data to the application, trigger double free error and cause a denial of service condition on the target system.
2) Double free (CVE-ID: CVE-2024-20499)
CWE-ID: CWE-415 - Double Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. A remote attacker can pass specially crafted data to the application, trigger double free error and cause a denial of service condition on the target system.
3) Resource exhaustion (CVE-ID: CVE-2024-20500)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient resource management when establishing TLS/SSL sessions in the Cisco AnyConnect VPN server. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
4) Double free (CVE-ID: CVE-2024-20501)
CWE-ID: CWE-415 - Double Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. A remote attacker can pass specially crafted data to the application, trigger double free error and cause a denial of service condition on the target system.
5) Resource exhaustion (CVE-ID: CVE-2024-20502)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient resource management while establishing SSL VPN sessions in the Cisco AnyConnect VPN server. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
6) Authorization bypass through user-controlled key (CVE-ID: CVE-2024-20513)
CWE-ID: CWE-639 - Authorization Bypass Through User-Controlled Key
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient entropy for handlers that are used during SSL VPN session establishment in the Cisco AnyConnect VPN server. A remote attacker can send a specially crafted HTTPS request using the brute-forced or predicted session handler and cause a denial of service condition on the target system.
Remediation
Install update from vendor's website.