03 April, 2025
Cisco addresses two critical and two high severity vulnerabilities in its Meraki AnyConnect VPN, Smart Licensing Utility, and Enterprise Chat and Email products. The critical flaws are tracked as CVE-2024-20439 and CVE-2024-20440 (CVSS: 9.8 [Cisco Rating]), a ‘Static Credential’ and an ‘Information Disclosure’ vulnerability in Cisco Smart Licensing Utility.
The high-severity flaws are tracked as CVE-2025-20212 (CVSS: 7.7 [Cisco Rating]), a ‘Denial of Service’ vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices, and CVE-2025-20139 (CVSS: 7.5 [Cisco Rating]), a ‘Denial of Service’ vulnerability in the chat messaging features of Cisco Enterprise Chat and Email (ECE) that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
Successful exploitation of CVE-2024-20439 and CVE-2024-20440 could allow a threat actor to log in to an affected system with administrative privileges over the API of the Cisco Smart Licensing Utility application, and to obtain log files that contain sensitive data, including API credentials.
Successful exploitation of the CVE-2025-20212 could allow a threat actor to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN sessions and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.
Successful exploitation of the CVE-2025-20139 could allow a threat actor to cause the application to stop responding, resulting in a DoS condition. The application may not recover on its own and may need an administrator to manually restart services to recover.
| CVE-ID | CVSS Score v3 |
| --- | --- |
| CVE-2024-20439 | 9.8 |
| CVE-2024-20440 | 9.8 |
| CVE-2025-20212 | 7.7 |
| CVE-2025-20139 | 7.5 |
Cisco Smart License Utility Release 2.0.0, 2.1.0, and 2.2.0
Cisco Meraki MX Firmware Release 16.2, 17, 18.1, 18.2, and 19.1
Cisco Meraki MX64 and MX65 are affected only when they are running Cisco Meraki MX firmware releases 17.6 and later.
Cisco Enterprise Chat and Email Releases earlier than 12.5, and 12.6
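To check an asset inventory against the affected releases listed above, here is an added Python example (not code from Cisco or CPX). It assumes versions are purely numeric dotted strings compared as integer tuples, and that a listed train such as 18.1 matches any version starting with 18.1; the product keys, `Asset` class and sample inventory are constructed for the example.

```python
from dataclasses import dataclass

# Affected releases as listed in this advisory (hand-copied; update if Cisco revises them)
SLU_AFFECTED = {(2, 0, 0), (2, 1, 0), (2, 2, 0)}
MX_AFFECTED_TRAINS = [(16, 2), (17,), (18, 1), (18, 2), (19, 1)]
MX64_65_MIN = (17, 6)        # MX64/MX65 are affected only on 17.6 and later
ECE_FIXED_FLOOR = (12, 5)    # ECE releases earlier than 12.5 are affected ...
ECE_ALSO_AFFECTED = (12, 6)  # ... and so is 12.6

def parse(version: str) -> tuple:
    return tuple(int(p) for p in version.split("."))

def in_train(version: tuple, train: tuple) -> bool:
    """Assumption: a listed train such as 18.1 matches any version starting with 18.1."""
    return version[:len(train)] == train

@dataclass
class Asset:
    host: str
    product: str      # "slu", "meraki_mx" or "ece" (constructed keys)
    version: str
    model: str = ""   # hardware model, only consulted for Meraki MX

def affected_cves(a: Asset) -> list:
    """Return the CVEs from this advisory that apply to one inventory entry."""
    v = parse(a.version)
    if a.product == "slu":
        return ["CVE-2024-20439", "CVE-2024-20440"] if v in SLU_AFFECTED else []
    if a.product == "meraki_mx":
        hit = any(in_train(v, t) for t in MX_AFFECTED_TRAINS)
        if a.model.upper() in ("MX64", "MX65"):
            hit = hit and v[:2] >= MX64_65_MIN
        return ["CVE-2025-20212"] if hit else []
    if a.product == "ece":
        hit = v[:2] < ECE_FIXED_FLOOR or v[:2] == ECE_ALSO_AFFECTED
        return ["CVE-2025-20139"] if hit else []
    raise ValueError(f"unknown product {a.product!r}")

def triage(assets: list) -> dict:
    """host -> CVEs, listing only hosts that still need the fixed release."""
    return {a.host: cves for a in assets if (cves := affected_cves(a))}

# Constructed sample inventory, not real CPX or customer data
SAMPLE = [
    Asset("lic-01", "slu", "2.1.0"),
    Asset("mx-hq", "meraki_mx", "18.2.3", model="MX250"),
    Asset("mx-branch", "meraki_mx", "17.2.0", model="MX64"),
    Asset("mx-branch2", "meraki_mx", "17.6.1", model="MX65"),
    Asset("ece-02", "ece", "12.6.0"),
]
```

Running `triage(SAMPLE)` flags lic-01, mx-hq, mx-branch2 and ece-02; the MX64 on 17.2.0 is skipped because of the 17.6 floor the advisory states for that model.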
☒ Yes ☐ No
Is the vulnerability actively being exploited?
☒ Yes ☐ No
In March 2025, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of CVE-2024-20439 and CVE-2024-20440 in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate these vulnerabilities.
Patch Available? ☒ Yes ☐ No
Workaround Available? ☐ Yes ☒ No
Cisco has released patches to mitigate the vulnerabilities and requests that administrators upgrade to the latest releases. Details are available here, here, and here.
FURTHER INFORMATION
At the time of writing, there have been reports of exploitation of CVE-2024-20439 and CVE-2024-20440.
CPX-TIC recommends that customers act quickly and apply the patches to mitigate any potential threats.
At CPX, our Threat Intelligence team provides 24x7 monitoring and proactive threat intelligence to safeguard some of the UAE’s largest enterprises.
With deep visibility into the evolving cyber threat landscape, we are among the first to detect and respond to emerging threats. Stay informed with our latest threat advisories, delivering timely insights to help you stay ahead of cyber risks.