Multiple vulnerabilities in Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices



Published: 2024-10-04
Risk High
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2024-20498
CVE-2024-20499
CVE-2024-20500
CVE-2024-20501
CVE-2024-20502
CVE-2024-20513
CWE-ID CWE-415
CWE-400
CWE-639
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Meraki MX
Hardware solutions / Firmware

Cisco Meraki MX67W
Hardware solutions / Firmware

Cisco Meraki MX68CW
Hardware solutions / Firmware

Cisco Meraki MX68W
Hardware solutions / Firmware

Cisco Meraki MX64
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki MX64W
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki MX65
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki MX65W
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki MX67
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki MX67C
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki MX68
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki MX75
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki MX84
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki MX85
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki MX95
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki MX100
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki MX105
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki MX250
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki MX400
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki MX450
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki MX600
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki vMX
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki Z3
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki Z3Z3C
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki Z3Z4
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Meraki Z3Z4C
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Double free

EUVDB-ID: #VU98026

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20498

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. A remote attacker can pass specially crafted data to the application, trigger double free error and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Meraki MX: 16.2 - 18.0

Cisco Meraki MX64: All versions

Cisco Meraki MX64W: All versions

Cisco Meraki MX65: All versions

Cisco Meraki MX65W: All versions

Cisco Meraki MX67: All versions

Cisco Meraki MX67C: All versions

Cisco Meraki MX67W: All versions

Cisco Meraki MX68: All versions

Cisco Meraki MX68CW: All versions

Cisco Meraki MX68W: All versions

Cisco Meraki MX75: All versions

Cisco Meraki MX84: All versions

Cisco Meraki MX85: All versions

Cisco Meraki MX95: All versions

Cisco Meraki MX100: All versions

Cisco Meraki MX105: All versions

Cisco Meraki MX250: All versions

Cisco Meraki MX400: All versions

Cisco Meraki MX450: All versions

Cisco Meraki MX600: All versions

Cisco Meraki vMX: All versions

Cisco Meraki Z3: All versions

Cisco Meraki Z3Z3C: All versions

Cisco Meraki Z3Z4: All versions

Cisco Meraki Z3Z4C: All versions

CPE2.3 External links

http://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Double free

EUVDB-ID: #VU98027

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20499

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. A remote attacker can pass specially crafted data to the application, trigger double free error and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Meraki MX: 16.2 - 18.0

Cisco Meraki MX64: All versions

Cisco Meraki MX64W: All versions

Cisco Meraki MX65: All versions

Cisco Meraki MX65W: All versions

Cisco Meraki MX67: All versions

Cisco Meraki MX67C: All versions

Cisco Meraki MX67W: All versions

Cisco Meraki MX68: All versions

Cisco Meraki MX68CW: All versions

Cisco Meraki MX68W: All versions

Cisco Meraki MX75: All versions

Cisco Meraki MX84: All versions

Cisco Meraki MX85: All versions

Cisco Meraki MX95: All versions

Cisco Meraki MX100: All versions

Cisco Meraki MX105: All versions

Cisco Meraki MX250: All versions

Cisco Meraki MX400: All versions

Cisco Meraki MX450: All versions

Cisco Meraki MX600: All versions

Cisco Meraki vMX: All versions

Cisco Meraki Z3: All versions

Cisco Meraki Z3Z3C: All versions

Cisco Meraki Z3Z4: All versions

Cisco Meraki Z3Z4C: All versions

CPE2.3 External links

http://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU98029

Risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20500

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient resource management when establishing TLS/SSL sessions in the Cisco AnyConnect VPN server. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Meraki MX: 16.2 - 18.0

Cisco Meraki MX64: All versions

Cisco Meraki MX64W: All versions

Cisco Meraki MX65: All versions

Cisco Meraki MX65W: All versions

Cisco Meraki MX67: All versions

Cisco Meraki MX67C: All versions

Cisco Meraki MX67W: All versions

Cisco Meraki MX68: All versions

Cisco Meraki MX68CW: All versions

Cisco Meraki MX68W: All versions

Cisco Meraki MX75: All versions

Cisco Meraki MX84: All versions

Cisco Meraki MX85: All versions

Cisco Meraki MX95: All versions

Cisco Meraki MX100: All versions

Cisco Meraki MX105: All versions

Cisco Meraki MX250: All versions

Cisco Meraki MX400: All versions

Cisco Meraki MX450: All versions

Cisco Meraki MX600: All versions

Cisco Meraki vMX: All versions

Cisco Meraki Z3: All versions

Cisco Meraki Z3Z3C: All versions

Cisco Meraki Z3Z4: All versions

Cisco Meraki Z3Z4C: All versions

CPE2.3 External links

http://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Double free

EUVDB-ID: #VU98028

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20501

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. A remote attacker can pass specially crafted data to the application, trigger double free error and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Meraki MX: 16.2 - 18.0

Cisco Meraki MX64: All versions

Cisco Meraki MX64W: All versions

Cisco Meraki MX65: All versions

Cisco Meraki MX65W: All versions

Cisco Meraki MX67: All versions

Cisco Meraki MX67C: All versions

Cisco Meraki MX67W: All versions

Cisco Meraki MX68: All versions

Cisco Meraki MX68CW: All versions

Cisco Meraki MX68W: All versions

Cisco Meraki MX75: All versions

Cisco Meraki MX84: All versions

Cisco Meraki MX85: All versions

Cisco Meraki MX95: All versions

Cisco Meraki MX100: All versions

Cisco Meraki MX105: All versions

Cisco Meraki MX250: All versions

Cisco Meraki MX400: All versions

Cisco Meraki MX450: All versions

Cisco Meraki MX600: All versions

Cisco Meraki vMX: All versions

Cisco Meraki Z3: All versions

Cisco Meraki Z3Z3C: All versions

Cisco Meraki Z3Z4: All versions

Cisco Meraki Z3Z4C: All versions

CPE2.3 External links

http://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource exhaustion

EUVDB-ID: #VU98030

Risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20502

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient resource management while establishing SSL VPN sessions in the Cisco AnyConnect VPN server. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Meraki MX: 16.2 - 18.0

Cisco Meraki MX64: All versions

Cisco Meraki MX64W: All versions

Cisco Meraki MX65: All versions

Cisco Meraki MX65W: All versions

Cisco Meraki MX67: All versions

Cisco Meraki MX67C: All versions

Cisco Meraki MX67W: All versions

Cisco Meraki MX68: All versions

Cisco Meraki MX68CW: All versions

Cisco Meraki MX68W: All versions

Cisco Meraki MX75: All versions

Cisco Meraki MX84: All versions

Cisco Meraki MX85: All versions

Cisco Meraki MX95: All versions

Cisco Meraki MX100: All versions

Cisco Meraki MX105: All versions

Cisco Meraki MX250: All versions

Cisco Meraki MX400: All versions

Cisco Meraki MX450: All versions

Cisco Meraki MX600: All versions

Cisco Meraki vMX: All versions

Cisco Meraki Z3: All versions

Cisco Meraki Z3Z3C: All versions

Cisco Meraki Z3Z4: All versions

Cisco Meraki Z3Z4C: All versions

CPE2.3 External links

http://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Authorization bypass through user-controlled key

EUVDB-ID: #VU98031

Risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20513

CWE-ID: CWE-639 - Authorization Bypass Through User-Controlled Key

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient entropy for handlers that are used during SSL VPN session establishment in the Cisco AnyConnect VPN server. A remote attacker can send a specially crafted HTTPS request using the brute-forced or predicted session handler and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Meraki MX: 16.2 - 18.0

Cisco Meraki MX64: All versions

Cisco Meraki MX64W: All versions

Cisco Meraki MX65: All versions

Cisco Meraki MX65W: All versions

Cisco Meraki MX67: All versions

Cisco Meraki MX67C: All versions

Cisco Meraki MX67W: All versions

Cisco Meraki MX68: All versions

Cisco Meraki MX68CW: All versions

Cisco Meraki MX68W: All versions

Cisco Meraki MX75: All versions

Cisco Meraki MX84: All versions

Cisco Meraki MX85: All versions

Cisco Meraki MX95: All versions

Cisco Meraki MX100: All versions

Cisco Meraki MX105: All versions

Cisco Meraki MX250: All versions

Cisco Meraki MX400: All versions

Cisco Meraki MX450: All versions

Cisco Meraki MX600: All versions

Cisco Meraki vMX: All versions

Cisco Meraki Z3: All versions

Cisco Meraki Z3Z3C: All versions

Cisco Meraki Z3Z4: All versions

Cisco Meraki Z3Z4C: All versions

CPE2.3 External links

http://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###