CVE-2024-20509

CVSS 3.1 Score 5.8 of 10 (medium)

Details

Published: Oct 2, 2024
Updated: Oct 8, 2024
CWE ID: 362

Summary

CVE-2024-20509 is a vulnerability affecting Cisco AnyConnect VPN servers on Cisco Meraki MX and Z Series Teleworker Gateway devices, which may allow an unauthenticated remote attacker to hijack a VPN session or cause a denial of service (DoS) for users. This issue arises from weak entropy in the authentication process and a race condition, enabling exploitation via crafted HTTPS requests. Successful exploitation can lead to session takeover or hinder users from establishing VPN connections. Organizations are advised to implement recommended patches from Cisco to remediate this vulnerability. The exploitability score is rated at 3.9, with a base severity classified as medium, indicating potential risks to network availability.
