Cisco IOS SSL VPN Portal Page Denial of Service Vulnerability

2012-08-10T17:11:22
ID CISCO-SA-20120810-CVE-2012-1344
Type cisco
Reporter Cisco
Modified 2013-04-25T21:16:16

Description

Cisco IOS Software contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to an unspecified issue that causes a device running the vulnerable software to reload when the web browser reloads the SSL VPN portal page. An authenticated, remote attacker could exploit this vulnerability by using a web browser to refresh the SSL VPN portal page to cause the device to reload, resulting in a DoS condition. A successful exploit could deny services for legitimate users.

Cisco has confirmed this vulnerability and has released updated software.

A successful exploit would require an attacker to authenticate to a targeted device. This access requirement would likely limit the chances of a successful exploit.

Reports have indicated that the vulnerability was seen on the stock Android browser; however, the issue is not browser-specific and other browsers may trigger this vulnerability.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.