Hi,   There are two new high CVEs for Cisco SecureClient:   CVE-2024-20337: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7  and CVE-2024-20338: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-privesc-sYxQO6ds   Remediation requires updating clients with version 5.1.2.42 or higher. When I log into my MX, I see version 5.1.1.42 being available.   Since we don't have a service contract with Cisco, we are not able to download or even purchase the updated version.   When will Meraki update the link so we can update our AnyConnect client software?   Thanks, Ken ... View more

I'm trying to do something that this link says I should be able to do - restrict VPN clients from accessing certain resources on a local VLAN. https://documentation.meraki.com/MX/Client_VPN/Restricting_Client_VPN_access_using_Layer_3_firewall_rules   This documentation appears to be incorrect. At least for AnyConnect VPN clients. I have applied L3 firewall rules to deny all access from my VPN subnet to a VLAN subnet and to deny all access from the VLAN subnet to my VPN subnet. Yet I can access a web server on the VLAN subnet from a client on the VPN. I also tried blocking access from a single VPN IP address to a single server (and Exchange server). I can send and receive email through the "blocked" exchange server.   Other people have posted that these rules should be applied on the site-to-site VPN page, and I have tired that, but can still VPN clients have full access to everything on the LAN no matter what L3 firewall rules are in place.   Using an MX84 (18.107.2) and AnyConnect VPN clients.   Is this a known security flaw? It seems like a giant hole.   Has anyone been able to block access to any LAN resources from an AnyConnect VPN client? ... View more