CVE-2022-20933 - Vulnerability Details

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to crash and restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. Cisco Meraki has released software updates that address this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00463.

Exploitation none

Automatable yes

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Cisco

Cisco Meraki MX Firmware

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx64_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx64_firmware::::::::

cpe:2.3:h:cisco:meraki_mx64:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx64w_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx64w_firmware::::::::

cpe:2.3:h:cisco:meraki_mx64w:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx65_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx65_firmware::::::::

cpe:2.3:h:cisco:meraki_mx65:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx65w_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx65w_firmware::::::::

cpe:2.3:h:cisco:meraki_mx65w:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx67_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx67_firmware::::::::

cpe:2.3:h:cisco:meraki_mx67:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx67cw_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx67cw_firmware::::::::

cpe:2.3:h:cisco:meraki_mx67cw:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx67w_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx67w_firmware::::::::

cpe:2.3:h:cisco:meraki_mx67w:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx68_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx68_firmware::::::::

cpe:2.3:h:cisco:meraki_mx68:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx68cw_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx68cw_firmware::::::::

cpe:2.3:h:cisco:meraki_mx68cw:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx68w_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx68w_firmware::::::::

cpe:2.3:h:cisco:meraki_mx68w:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx75_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx75_firmware::::::::

cpe:2.3:h:cisco:meraki_mx75:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx84_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx84_firmware::::::::

cpe:2.3:h:cisco:meraki_mx84:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx85_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx85_firmware::::::::

cpe:2.3:h:cisco:meraki_mx85:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx95_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx95_firmware::::::::

cpe:2.3:h:cisco:meraki_mx95:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx100_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx100_firmware::::::::

cpe:2.3:h:cisco:meraki_mx100:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx105_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx105_firmware::::::::

cpe:2.3:h:cisco:meraki_mx105:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx250_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx250_firmware::::::::

cpe:2.3:h:cisco:meraki_mx250:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx400_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx400_firmware::::::::

cpe:2.3:h:cisco:meraki_mx400:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx450_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx450_firmware::::::::

cpe:2.3:h:cisco:meraki_mx450:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

OR	cpe:2.3:o:cisco:meraki_mx600_firmware::::::::
	cpe:2.3:o:cisco:meraki_mx600_firmware::::::::

cpe:2.3:h:cisco:meraki_mx600:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

OR	cpe:2.3:o:cisco:meraki_vmx_firmware::::::::
	cpe:2.3:o:cisco:meraki_vmx_firmware::::::::

cpe:2.3:h:cisco:meraki_vmx:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:cisco:meraki_z3c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:meraki_z3c:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:cisco:meraki_z3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:meraki_z3:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Cisco Subscribe	Meraki Mx100 Subscribe Meraki Mx100 Firmware Subscribe Meraki Mx105 Subscribe Meraki Mx105 Firmware Subscribe Meraki Mx250 Subscribe Meraki Mx250 Firmware Subscribe Meraki Mx400 Subscribe Meraki Mx400 Firmware Subscribe Meraki Mx450 Subscribe Meraki Mx450 Firmware Subscribe Meraki Mx600 Subscribe Meraki Mx600 Firmware Subscribe Meraki Mx64 Subscribe Meraki Mx64 Firmware Subscribe Meraki Mx64w Subscribe Meraki Mx64w Firmware Subscribe Meraki Mx65 Subscribe Meraki Mx65 Firmware Subscribe Meraki Mx65w Subscribe Meraki Mx65w Firmware Subscribe Meraki Mx67 Subscribe Meraki Mx67 Firmware Subscribe Meraki Mx67cw Subscribe Meraki Mx67cw Firmware Subscribe Meraki Mx67w Subscribe Meraki Mx67w Firmware Subscribe Meraki Mx68 Subscribe Meraki Mx68 Firmware Subscribe Meraki Mx68cw Subscribe Meraki Mx68cw Firmware Subscribe Meraki Mx68w Subscribe Meraki Mx68w Firmware Subscribe Meraki Mx75 Subscribe Meraki Mx75 Firmware Subscribe Meraki Mx84 Subscribe Meraki Mx84 Firmware Subscribe Meraki Mx85 Subscribe Meraki Mx85 Firmware Subscribe Meraki Mx95 Subscribe Meraki Mx95 Firmware Subscribe Meraki Vmx Subscribe Meraki Vmx Firmware Subscribe Meraki Z3 Subscribe Meraki Z3 Firmware Subscribe Meraki Z3c Subscribe Meraki Z3c Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2022-26183	A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to crash and restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. Cisco Meraki has released software updates that address this vulnerability.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vnESbgBf

History

Fri, 01 Nov 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2022-10-26T14:00:34.721945Z

Updated: 2024-11-01T18:48:56.789Z

Reserved: 2021-11-02T00:00:00

Link: CVE-2022-20933

Vulnrichment

Updated: 2024-08-03T02:31:57.978Z

NVD

Status : Modified

Published: 2022-10-26T15:15:14.713

Modified: 2024-11-21T06:43:51.123

Link: CVE-2022-20933

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object