CVE-2022-20933
Severity
8.6HIGH
EPSS
0.5%
top 35.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 26
Description
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could al…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0
Affected Packages22 packages
🔴Vulnerability Details
3GHSA▶
GHSA-9vrx-xfr3-hfjj: A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, r↗2022-10-26