CVE-2022-20933: Cisco Security Advisory: Cisco Meraki MX and Z3 Teleworker Gateway VPN Denial of Service Vulnerability
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to crash and restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. Cisco Meraki has released software updates that address this vulnerability.
This vulnerability affects the following Cisco Meraki products if they are running a vulnerable release of Cisco Meraki MX firmware and have Cisco AnyConnect VPN enabled:
- MX64
- MX64W
- MX65
- MX65W
- MX67
- MX67CW
- MX67W
- MX68
- MX68CW
- MX68W
- MX75
- MX84
- MX85
- MX95
- MX100
- MX105
- MX250
- MX400
- MX450
- MX600
- vMX
- Z3C
- Z3
Note: Cisco AnyConnect VPN is supported on Cisco Meraki MX Series and Cisco Meraki Z3 Teleworker Gateway devices that run Cisco Meraki MX firmware releases 16.2 and later, except for Cisco Meraki MX64 and MX65, which support Cisco AnyConnect VPN only if they are running Cisco Meraki MX firmware releases 17.6 and later.
For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.
Determine the Device Configuration
Determine Whether Cisco AnyConnect VPN Is Enabled on Cisco Meraki MX Devices
To determine whether Cisco AnyConnect VPN is enabled on a Cisco Meraki MX device, complete the following steps:
- Log in to the Dashboard.
- Choose Security Appliance > Configure > Client VPN in the combined view.
- Choose the AnyConnect Settings tab.
If the Enabled radio button is selected, the device is configured to support Cisco AnyConnect VPN.
If the Cisco AnyConnect Settings tab is not displayed, or if the Disabled radio button is selected, the device is not impacted by the vulnerability described in this advisory.
Determine Whether Cisco AnyConnect VPN Is Enabled on Cisco Meraki Z3 Teleworker Gateway Devices
To determine whether Cisco AnyConnect VPN is enabled on Cisco Meraki Z3 Teleworker Gateway devices, complete the following steps:
- Log in to the Dashboard.
- Choose Teleworker gateway > Configure > Client VPN in the combined view.
- Choose the AnyConnect Settings tab.
If the Enabled radio button is selected, the device is configured to support Cisco AnyConnect VPN.
If the Cisco AnyConnect Settings tab is not displayed, or if the Disabled radio button is selected, the device is not impacted by the vulnerability described in this advisory.
Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect the following Cisco products:
- Meraki MX 60
- Meraki MX 80
- Meraki MX 90
- Meraki Z1
- Adaptive Security Appliance (ASA) Software
- Firepower Threat Defense (FTD) Software
- IOS Software
- IOS XE Software