Meraki Community

PhilipDAth

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn...

Summary
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition to the AnyConnect VPN service on an affected device.

For more information about these vulnerabilities, see the Details section of this advisory.

Cisco Meraki has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Sam_Adams

Do you know which release fixes this for the MX64s? The MX64s cannot run on the 18.20X Firmware versions and are stuck on 18.10X.

Mloraditch

18.211.2 seems to be linked to 18.107.10 for common fixes so I would suspect that but hopefully someone can clarify.

PhilipDAth

I have sent an inquiry to someone more knowledgeable to see if I can get a definitive answer.

PhilipDAth

It looks like there will be an MX64 firmware with a fix, but that firmware has not been released yet.

Meraki Community

Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities

Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities