Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities

PhilipDAth
Kind of a big deal
Kind of a big deal

Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn...

 

Summary
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition to the AnyConnect VPN service on an affected device.

 

For more information about these vulnerabilities, see the Details section of this advisory.

 

Cisco Meraki has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

4 Replies 4
Sam_Adams
New here

Do you know which release fixes this for the MX64s? The MX64s cannot run on the 18.20X Firmware versions and are stuck on 18.10X.

Mloraditch
A model citizen

18.211.2 seems to be linked to 18.107.10 for common fixes so I would suspect that but hopefully someone can clarify.

PhilipDAth
Kind of a big deal
Kind of a big deal

I have sent an inquiry to someone more knowledgeable to see if I can get a definitive answer.

PhilipDAth
Kind of a big deal
Kind of a big deal

It looks like there will be an MX64 firmware with a fix, but that firmware has not been released yet.

Get notified when there are additional replies to this discussion.