7.7
CVE-2025-20212
- EPSS 0.13%
- Veröffentlicht 02.04.2025 17:15:44
- Zuletzt bearbeitet 07.04.2025 14:18:49
- Quelle psirt@cisco.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must have valid VPN user credentials on the affected device. This vulnerability exists because a variable is not initialized when an SSL VPN session is established. An attacker could exploit this vulnerability by supplying crafted attributes while establishing an SSL VPN session with an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN sessions and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers without manual intervention.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCisco
≫
Produkt
Cisco Meraki MX Firmware
Version
16.2
Status
affected
Version
16.3
Status
affected
Version
16.4
Status
affected
Version
16.5
Status
affected
Version
16.6
Status
affected
Version
17.3
Status
affected
Version
17.6
Status
affected
Version
17.7
Status
affected
Version
17.8
Status
affected
Version
17.9
Status
affected
Version
17.10
Status
affected
Version
18.1
Status
affected
Version
18.2
Status
affected
Version
19.1
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.331 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 7.7 | 3.1 | 4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
|
CWE-457 Use of Uninitialized Variable
The code uses a variable that has not been initialized, leading to unpredictable or unintended results.