At the time of publication, this vulnerability affected the following Cisco Meraki products if they were running a vulnerable release of Cisco Meraki MX firmware and had Cisco AnyConnect VPN enabled:
- MX64
- MX64W
- MX65
- MX65W
- MX67
- MX67C
- MX67W
|
- MX68
- MX68CW
- MX68W
- MX75
- MX84
- MX85
- MX95
|
- MX100
- MX105
- MX250
- MX400
- MX450
- MX600
- vMX
|
|
Note: Cisco AnyConnect VPN is supported on Cisco Meraki MX Series and Cisco Meraki Z Series Teleworker Gateway devices that run Cisco Meraki MX firmware releases 16.2 and later, except for Cisco Meraki MX64 and MX65, which support Cisco AnyConnect VPN only if they are running Cisco Meraki MX firmware releases 17.6 and later.
For information about which Cisco software releases were vulnerable at the time of publication, see the Fixed Software section of this advisory.
Determine Whether Cisco AnyConnect VPN Is Enabled on Cisco Meraki MX Devices
To determine whether Cisco AnyConnect VPN is enabled on a Cisco Meraki MX device, complete the following steps:
- Log in to the Dashboard.
- Choose Security Appliance > Configure > Client VPN in the combined view.
- Choose the AnyConnect Settings tab.
If the Enabled radio button is selected, the device is configured to support Cisco AnyConnect VPN.
If the Cisco AnyConnect Settings tab is not displayed, or if the Disabled radio button is selected, the device is not impacted by this vulnerability.
Determine Whether Cisco AnyConnect VPN Is Enabled on Cisco Meraki Z Series Teleworker Gateway Devices
To determine whether Cisco AnyConnect VPN is enabled on a Cisco Meraki MX device, complete the following steps:
- Log in to the Dashboard.
- Choose Teleworker gateway > Configure > Client VPN in the combined view.
- Choose the AnyConnect Settings tab.
If the Enabled radio button is selected, the device is configured to support Cisco AnyConnect VPN.
If the Cisco AnyConnect Settings tab is not displayed, or if the Disabled radio button is selected, the device is not impacted by this vulnerability.
Only products listed in the Vulnerable Products section of this advisory are known to be affected by these vulnerabilities.
Cisco has confirmed that these vulnerabilities do not affect the following Cisco products:
- Meraki Z1
- Adaptive Security Appliance (ASA) Software
- Firepower Threat Defense (FTD) Software
- IOS Software
- IOS XE Software