Cyber Security News

Cisco AnyConnect VPN Server Vulnerability Allows Attackers to Trigger DoS

Cisco has disclosed a significant vulnerability in its AnyConnect VPN Server for Meraki MX and Z Series devices, allowing authenticated attackers to trigger denial-of-service (DoS) conditions.

The flaw (CVE-2025-20212) stems from an uninitialized variable during SSL VPN session establishment and affects over 20 hardware models across enterprise networks.

Vulnerability Overview

Exploiting this bug requires valid VPN credentials. Attackers can craft malicious attributes during session setup, forcing the VPN service to restart and disrupting active SSL VPN connections.

Sustained attacks could block new VPN sessions entirely, though services resume automatically after malicious traffic stops.

Affected Products

MX SeriesZ Series
MX64, MX64WZ3, Z3C
MX65, MX65WZ4, Z4C
MX67, MX67C, MX67W
MX68, MX68CW, MX68W
MX75, MX84, MX85
MX95, MX100, MX105
MX250, MX400, MX450
MX600, vMX

Mitigation Steps

  1. Verify AnyConnect VPN Status:
    • Dashboard > Security & SD-WAN (MX) or Teleworker Gateway (Z Series) > Client VPN > AnyConnect Settings.
    • Disabled configurations are not vulnerable.
  2. Update Firmware:
    • MX/Z Series: Migrate to fixed versions (e.g., 18.107.12 for 18.1, 19.1.4 for 19.1).
    • Critical: MX400/MX600 users must replace hardware or isolate vulnerable devices.
  3. Monitor Sessions:
    • Watch for repeated VPN reconnections or unexplained service restarts.

Technical Analysis

  • CWE-457: Uninitialized variable in SSL VPN session handling.
  • Attack Vector: Network-based (AV:N) with low complexity (AC:L).
  • Impact: High Availability risk (A:H) but no data compromise (C:N/I:N).

Fixed Releases

Firmware BranchFirst Fixed Version
18.118.107.12
18.218.211.4
19.119.1.4

Cisco has confirmed that there are no workarounds for this issue, and only upgrading to a fixed release can resolve the vulnerability.

Administrators are advised to monitor their deployments carefully and upgrade affected Meraki devices promptly to ensure continued secure and reliable VPN functionality. Further details and firmware best practices can be found in Cisco’s official advisory.

Find this News Interesting! Follow us on Google NewsLinkedIn, & X to Get Instant Updates!

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Leave a Comment
Share
Published by
Divya
Tags: cyber securityCyber Security NewsVulnerability
3 days ago

Recent Posts

Hack The box “Ghost” Challenge Cracked – A Detailed Technical Exploit

Cybersecurity researcher "0xdf" has cracked the "Ghost" challenge on Hack The Box (HTB), a premier…

4 hours ago

Sec-Gemini v1 – Google’s New AI Model for Cybersecurity Threat Intelligence

Google has unveiled Sec-Gemini v1, an AI model designed to redefine cybersecurity operations by empowering…

5 hours ago

U.S. Secures Extradition of Rydox Cybercrime Marketplace Admins from Kosovo in Major International Operation

The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi,…

10 hours ago

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…

2 days ago

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…

2 days ago

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…

2 days ago