Cisco ASA clientless SSL VPN denial of service vulnerability

2007-05-03T00:00:00
ID VU:337508
Type cert
Reporter CERT
Modified 2007-05-04T00:00:00

Description

Overview

The Cisco ASA firewall's SSL VPN component contains a denial-of-service vulnerability.

Description

The Cisco Adaptive Security Appliance (ASA) is a firewall that includes routing, intrusion prevention system (IPS), and VPN components. The clientless SSL VPN allows remote users with a web browser to connect to internal web sites by tunneling an HTTPS session through the ASA.

The ASA's SSL VPN component contains a denial of service vulnerability.

Per Cisco Security Advisory cisco-sa-20070502-asa:

A successful attack must exploit a race condition in the processing of non-standard SSL sessions and may result in a reload of the device.


Impact

A remote unauthenticated attacker may be able to create a denial-of-service condition. Note that any systems that rely on the affected device would also be affected.


Solution

Upgrade