Cyber Resilience

CVE-2024-20498

High

Published: 02 October 2024

Modified: 04 June 2025
KEV Added
Patch
CVSS Score v3.1: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
EPSS Score: 0.0047 (64.8th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-20498 is a high-severity Double Free (CWE-415) vulnerability in Cisco Meraki MX65 firmware. Its CVSS base score is 8.6 (High).

Operationally, it is ranked in the top 35.2% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.

Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco meraki mx65 firmware: 17.6.0 — 18.211.2
cisco meraki mx64 firmware: 17.6.0 — 18.211.2
cisco meraki z4c firmware: 16.2 — 18.211.2
cisco meraki z4 firmware: 16.2 — 18.211.2
cisco meraki z3c firmware: 16.2 — 18.211.2
cisco meraki z3 firmware: 16.2 — 18.211.2
cisco meraki vmx firmware: 16.2 — 18.211.2
cisco meraki mx600 firmware: 16.2 — 18.211.2
cisco meraki mx450 firmware: 16.2 — 18.211.2
cisco meraki mx400 firmware: 16.2 — 18.211.2
+15 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References