Cisco IOS Software contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability is due to an unspecified issue that causes a device running the vulnerable software to reload when a web browser refreshes the SSL VPN portal page. An authenticated, remote attacker could exploit this vulnerability by using a web browser to refresh the SSL VPN portal page, causing the device to reload and resulting in a DoS condition. A successful exploit could deny service to legitimate users.
Cisco has confirmed this vulnerability and has released updated software.
A successful exploit would require an attacker to authenticate to a targeted device. This access requirement would likely limit the chances of a successful exploit.
Reports have indicated that the vulnerability was seen on the stock Android browser; however, the issue is not browser-specific and other browsers may trigger this vulnerability.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.