How severe is CVE-2024-20509?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-20509?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2024-20509

MEDIUM Year: 2024

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-362

View all →

Vulnerability Description

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device. This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device.

CVE-2007-4774

MEDIUM

CVSS:5.9(Medium)

The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process.

CWE-3622007

CVE-2010-0021

MEDIUM

CVSS:5.9(Medium)

Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to c...

CWE-3622010

CVE-2012-3552

MEDIUM

CVSS:5.9(Medium)

Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application...

CWE-3622012

CVE-2014-0245

MEDIUM

CVSS:5.9(Medium)

It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SO...

CWE-3622014

CVE-2015-6569

MEDIUM

CVSS:5.9(Medium)

Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state...

CWE-3622015

CVE-2016-10027

MEDIUM

CVSS:5.9(Medium)

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of clear...

CWE-3622016

CVE-2024-20509

Vulnerability Description

Related Vulnerabilities

CVE-2007-4774

CVE-2010-0021

CVE-2012-3552

CVE-2014-0245

CVE-2015-6569

CVE-2016-10027