CVE-2025-20212 (GCVE-0-2025-20212)
Vulnerability from cvelistv5
Published
2025-04-02 16:15
Modified
2025-04-02 16:39
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE
  • CWE-457 - Use of Uninitialized Variable
Summary
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must have valid VPN user credentials on the affected device. This vulnerability exists because a variable is not initialized when an SSL VPN session is established. An attacker could exploit this vulnerability by supplying crafted attributes while establishing an SSL VPN session with an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN sessions and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers without manual intervention.
References
Impacted products
Vendor Product Version
Cisco Cisco Meraki MX Firmware Version: 16.2
Version: 16.3
Version: 16.4
Version: 16.5
Version: 16.6
Version: 17.3
Version: 17.6
Version: 17.7
Version: 17.8
Version: 17.9
Version: 17.10
Version: 18.1
Version: 18.2
Version: 19.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20212",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-02T16:34:22.896705Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-02T16:39:47.443Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Meraki MX Firmware",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "16.2"
            },
            {
              "status": "affected",
              "version": "16.3"
            },
            {
              "status": "affected",
              "version": "16.4"
            },
            {
              "status": "affected",
              "version": "16.5"
            },
            {
              "status": "affected",
              "version": "16.6"
            },
            {
              "status": "affected",
              "version": "17.3"
            },
            {
              "status": "affected",
              "version": "17.6"
            },
            {
              "status": "affected",
              "version": "17.7"
            },
            {
              "status": "affected",
              "version": "17.8"
            },
            {
              "status": "affected",
              "version": "17.9"
            },
            {
              "status": "affected",
              "version": "17.10"
            },
            {
              "status": "affected",
              "version": "18.1"
            },
            {
              "status": "affected",
              "version": "18.2"
            },
            {
              "status": "affected",
              "version": "19.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must have valid VPN user credentials on the affected device.\r\n\r This vulnerability exists because a variable is not initialized when an SSL VPN session is established. An attacker could exploit this vulnerability by supplying crafted attributes while establishing an SSL VPN session with an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN sessions and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\r\n\r Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers without manual intervention."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-457",
              "description": "Use of Uninitialized Variable",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-02T16:15:40.815Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-meraki-mx-vpn-dos-vNRpDvfb",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vNRpDvfb"
        }
      ],
      "source": {
        "advisory": "cisco-sa-meraki-mx-vpn-dos-vNRpDvfb",
        "defects": [
          "CSCwk81017"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20212",
    "datePublished": "2025-04-02T16:15:40.815Z",
    "dateReserved": "2024-10-10T19:15:13.231Z",
    "dateUpdated": "2025-04-02T16:39:47.443Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-20212\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-02T16:34:22.896705Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-02T16:34:30.986Z\"}}], \"cna\": {\"source\": {\"defects\": [\"CSCwk81017\"], \"advisory\": \"cisco-sa-meraki-mx-vpn-dos-vNRpDvfb\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Meraki MX Firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.2\"}, {\"status\": \"affected\", \"version\": \"16.3\"}, {\"status\": \"affected\", \"version\": \"16.4\"}, {\"status\": \"affected\", \"version\": \"16.5\"}, {\"status\": \"affected\", \"version\": \"16.6\"}, {\"status\": \"affected\", \"version\": \"17.3\"}, {\"status\": \"affected\", \"version\": \"17.6\"}, {\"status\": \"affected\", \"version\": \"17.7\"}, {\"status\": \"affected\", \"version\": \"17.8\"}, {\"status\": \"affected\", \"version\": \"17.9\"}, {\"status\": \"affected\", \"version\": \"17.10\"}, {\"status\": \"affected\", \"version\": \"18.1\"}, {\"status\": \"affected\", \"version\": \"18.2\"}, {\"status\": \"affected\", \"version\": \"19.1\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vNRpDvfb\", \"name\": \"cisco-sa-meraki-mx-vpn-dos-vNRpDvfb\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must have valid VPN user credentials on the affected device.\\r\\n\\r This vulnerability exists because a variable is not initialized when an SSL VPN session is established. An attacker could exploit this vulnerability by supplying crafted attributes while establishing an SSL VPN session with an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN sessions and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\\r\\n\\r Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers without manual intervention.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-457\", \"description\": \"Use of Uninitialized Variable\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2025-04-02T16:15:40.815Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-20212\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-02T16:39:47.443Z\", \"dateReserved\": \"2024-10-10T19:15:13.231Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2025-04-02T16:15:40.815Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.