A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial-of-service (DoS) condition in the Cisco AnyConnect service on an affected device.
The advisory emphasizes that "To exploit this vulnerability, the attacker must have valid VPN user credentials on the affected device."
This vulnerability exists because a variable is not initialized when an SSL VPN session is established. An authenticated attacker could exploit it by supplying crafted attributes while establishing an SSL VPN session, which could cause the Cisco AnyConnect VPN server to restart. A successful exploit would tear down established SSL VPN sessions and force remote users to initiate a new VPN connection and reauthenticate. "A sustained attack could prevent new SSL VPN connections from being established," the advisory warns.
The advisory also notes that "When the attack traffic stops, the Cisco AnyConnect VPN server recovers without manual intervention."
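The advisory names the bug class (an uninitialized variable in session setup) but not the code. The C example below is an added illustration of that class, not Cisco's code: a toy session-attribute parser in which a field is only written when the peer sends the matching attribute, so an omitted attribute leaves stale memory in the field, placed beside a hardened version that zeroes the structure, tracks which attributes were seen, applies a default and range-checks the result. The attribute names, the "key=value;key=value" wire format and the MTU limits are all assumptions made for the demonstration.

```c
/* Added example: uninitialized-field bug class in an attribute parser.
 * Not Cisco code; attribute names, format and limits are assumed. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MIN_MTU 576u
#define MAX_MTU 1500u
#define DEFAULT_MTU 1400u

struct session {
    uint32_t mtu;        /* client-requested tunnel MTU */
    uint32_t keepalive;  /* keepalive interval in seconds */
    uint8_t  has_mtu;    /* set only when an "mtu" attribute was parsed */
};

static int parse_uint(const char *s, uint32_t *out) {
    char *end;
    unsigned long v = strtoul(s, &end, 10);
    if (end == s || *end != '\0' || v > 0xFFFFFFFFul) return -1;
    *out = (uint32_t)v;
    return 0;
}

/* Shared scanner: writes only the fields whose attribute is present.
 * Input is "key=value" pairs separated by ';' (constructed format). */
static int scan_attrs(const char *attrs, struct session *sess) {
    char buf[256];
    if (strlen(attrs) >= sizeof buf) return -1;
    strcpy(buf, attrs);
    for (char *tok = strtok(buf, ";"); tok; tok = strtok(NULL, ";")) {
        char *eq = strchr(tok, '=');
        if (!eq) return -1;
        *eq = '\0';
        if (strcmp(tok, "mtu") == 0) {
            if (parse_uint(eq + 1, &sess->mtu)) return -1;
            sess->has_mtu = 1;
        } else if (strcmp(tok, "keepalive") == 0) {
            if (parse_uint(eq + 1, &sess->keepalive)) return -1;
        }
        /* unknown attributes are ignored */
    }
    return 0;
}

/* Vulnerable shape: caller's struct is used as-is, so a missing "mtu"
 * attribute leaves sess->mtu holding whatever was in memory before. */
int parse_attrs_unsafe(const char *attrs, struct session *sess) {
    return scan_attrs(attrs, sess);
}

/* Hardened shape: zero first, default what the peer omitted, and
 * validate before any later code can act on the values. */
int parse_attrs_safe(const char *attrs, struct session *sess) {
    memset(sess, 0, sizeof *sess);
    if (scan_attrs(attrs, sess)) return -1;
    if (!sess->has_mtu) sess->mtu = DEFAULT_MTU;
    if (sess->mtu < MIN_MTU || sess->mtu > MAX_MTU) return -1;
    return 0;
}

/* Models a stale stack frame by pre-filling the struct with 0xAA bytes,
 * then parses with the vulnerable version and returns the MTU it "sees". */
uint32_t demo_mtu_unsafe(const char *attrs) {
    struct session sess;
    memset(&sess, 0xAA, sizeof sess);  /* deterministic stand-in for garbage */
    (void)parse_attrs_unsafe(attrs, &sess);
    return sess.mtu;
}

/* Returns -1 if the hardened parser rejects the input, else the MTU. */
long demo_mtu_safe(const char *attrs) {
    struct session sess;
    if (parse_attrs_safe(attrs, &sess)) return -1;
    return (long)sess.mtu;
}

int main(void) {
    const char *no_mtu = "keepalive=30";       /* constructed input */
    printf("unsafe, mtu omitted: 0x%08x\n", demo_mtu_unsafe(no_mtu));
    printf("safe,   mtu omitted: %ld\n", demo_mtu_safe(no_mtu));
    printf("safe,   mtu=9000:    %ld\n", demo_mtu_safe("mtu=9000;keepalive=30"));
    return 0;
}
```

The vulnerable variant does nothing wrong on well-formed input, which is why this class survives testing: the defect only shows when an authenticated peer omits or reorders attributes the server assumed would always be present. Zero-initialising at the point of allocation and refusing out-of-range values is cheaper than reasoning about every code path that might read the field first.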
Affected Products and Mitigation
The vulnerability affects Cisco Meraki MX and Z Series devices running vulnerable firmware with Cisco AnyConnect VPN enabled.
To determine whether Cisco AnyConnect VPN is enabled, administrators can log in to the Dashboard and check the Client VPN settings.
Cisco has released software updates that address this vulnerability. Administrators should consult the advisory for the specific fixed releases that apply to their firmware train.