Advisory Published

cisco-sa-meraki-mx-vpn-dos-vNRpDvfb: Cisco Meraki MX and Z Series AnyConnect VPN Denial of Service Vulnerability

First published: Wed Apr 02 2025(Updated: )

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must have valid VPN user credentials on the affected device.This vulnerability exists because a variable is not initialized when an SSL VPN session is established. An attacker could exploit this vulnerability by supplying crafted attributes while establishing an SSL VPN session with an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN sessions and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers without manual intervention.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vNRpDvfb

Affected SoftwareAffected VersionHow to fix
Cisco AnyConnect Secure
Cisco Meraki MX
Cisco Meraki Z Series

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of cisco-sa-meraki-mx-vpn-dos-vNRpDvfb?

    The cisco-sa-meraki-mx-vpn-dos-vNRpDvfb vulnerability is considered to have a high severity due to its potential to cause a denial of service.

  • How do I fix cisco-sa-meraki-mx-vpn-dos-vNRpDvfb?

    To remediate the cisco-sa-meraki-mx-vpn-dos-vNRpDvfb vulnerability, apply the latest firmware updates from Cisco for affected devices.

  • Who is affected by cisco-sa-meraki-mx-vpn-dos-vNRpDvfb?

    The cisco-sa-meraki-mx-vpn-dos-vNRpDvfb vulnerability affects users of Cisco AnyConnect VPN, Cisco Meraki MX, and Cisco Meraki Z Series devices.

  • What are the potential impacts of cisco-sa-meraki-mx-vpn-dos-vNRpDvfb?

    Exploiting cisco-sa-meraki-mx-vpn-dos-vNRpDvfb can lead to a denial of service condition, disrupting the VPN services for users.

  • Is authentication required to exploit cisco-sa-meraki-mx-vpn-dos-vNRpDvfb?

    Yes, an authenticated remote attacker must exploit the cisco-sa-meraki-mx-vpn-dos-vNRpDvfb vulnerability to trigger a denial of service.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203