CVE-2024-20513

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published: Oct 2, 2024
Updated: Oct 8, 2024
CWE ID 639

Summary

CVE-2024-20513 is a vulnerability in the Cisco AnyConnect VPN server on Cisco Meraki MX and Meraki Z Series Teleworker Gateway devices that allows an unauthenticated remote attacker to cause a denial of service (DoS) condition for users of the AnyConnect service. The issue arises from insufficient entropy in the session handlers used during SSL VPN session establishment, which an attacker can exploit by brute-forcing or predicting valid session handlers. Successful exploitation could terminate active SSL VPN sessions, forcing users to reconnect. To remediate this vulnerability, organizations should apply the patches and updates provided by Cisco. The vulnerability has a medium base severity score of 5.3, reflecting a risk to availability with no impact on confidentiality or integrity.
