Lucene search

CiscoCISCO-SA-20140326-IOS-SSLVPN

HistoryMar 26, 2014 - 4:00 p.m.

Cisco IOS Software SSL VPN Denial of Service Vulnerability

2014-03-2616:00:00

tools.cisco.com

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

43.4%

JSON

A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to a failure to process certain types of HTTP requests. To exploit the vulnerability, an attacker could submit crafted requests designed to consume memory to an affected device. An exploit could allow the attacker to consume and fragment memory on the affected device. This may cause reduced performance, a failure of certain processes, or a restart of the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn”]

Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2014 bundled publication.

Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html[“http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html”]

Affected configurations

Vulners

Node

ciscoiosMatch15.1t

ciscoiosMatch15.1xb

ciscoiosMatch15.3t

ciscoiosMatch15.1m

ciscoiosMatch15.1gc

ciscoiosMatch15.2m

ciscoiosMatch15.2gc

ciscoiosMatch15.4t

ciscoiosMatch15.3m

ciscoiosMatch15.2jaz

ciscoiosMatch15.3xb

ciscoiosMatch15.3jaa

ciscoiosMatch15.6t

ciscoiosMatch15.3jpi

ciscoiosMatch15.3jpj

ciscoiosMatch15.3jpr

ciscoiosMatch15.1\(2\)t

ciscoiosMatch15.1\(3\)t2

ciscoiosMatch15.1\(2\)t0a

ciscoiosMatch15.1\(3\)t3

ciscoiosMatch15.1\(2\)t3

ciscoiosMatch15.1\(2\)t4

ciscoiosMatch15.1\(3\)t

ciscoiosMatch15.1\(2\)t2a

ciscoiosMatch15.1\(3\)t1

ciscoiosMatch15.1\(2\)t2

ciscoiosMatch15.1\(2\)t1

ciscoiosMatch15.1\(2\)t5

ciscoiosMatch15.1\(3\)t4

ciscoiosMatch15.1\(4\)xb4

ciscoiosMatch15.1\(4\)xb5

ciscoiosMatch15.1\(4\)xb6

ciscoiosMatch15.1\(4\)xb5a

ciscoiosMatch15.1\(4\)xb7

ciscoiosMatch15.1\(4\)xb8

ciscoiosMatch15.1\(4\)xb8a

ciscoiosMatch15.3\(1\)t

ciscoiosMatch15.3\(2\)t

ciscoiosMatch15.3\(1\)t1

ciscoiosMatch15.3\(1\)t2

ciscoiosMatch15.3\(1\)t3

ciscoiosMatch15.3\(2\)t1

ciscoiosMatch15.3\(2\)t2

ciscoiosMatch15.1\(4\)m3

ciscoiosMatch15.1\(4\)m

ciscoiosMatch15.1\(4\)m1

ciscoiosMatch15.1\(4\)m2

ciscoiosMatch15.1\(4\)m6

ciscoiosMatch15.1\(4\)m5

ciscoiosMatch15.1\(4\)m4

ciscoiosMatch15.1\(4\)m0a

ciscoiosMatch15.1\(4\)m0b

ciscoiosMatch15.1\(4\)m3a

ciscoiosMatch15.1\(2\)gc

ciscoiosMatch15.1\(2\)gc1

ciscoiosMatch15.1\(2\)gc2

ciscoiosMatch15.1\(4\)gc

ciscoiosMatch15.1\(4\)gc1

ciscoiosMatch15.2\(4\)m

ciscoiosMatch15.2\(4\)m1

ciscoiosMatch15.2\(4\)m2

ciscoiosMatch15.2\(4\)m4

ciscoiosMatch15.2\(4\)m3

ciscoiosMatch15.2\(4\)m5

ciscoiosMatch15.2\(1\)gc

ciscoiosMatch15.2\(1\)gc1

ciscoiosMatch15.2\(1\)gc2

ciscoiosMatch15.2\(2\)gc

ciscoiosMatch15.2\(3\)gc

ciscoiosMatch15.2\(3\)gc1

ciscoiosMatch15.2\(4\)gc

ciscoiosMatch15.4\(1\)t

ciscoiosMatch15.3\(3\)m

ciscoiosMatch15.3\(3\)m1

ciscoiosMatch15.2\(4\)jaz1

ciscoiosMatch15.3\(3\)xb12

ciscoiosMatch15.3\(3\)jaa1

ciscoiosMatch15.6\(2\)t

ciscoiosMatch15.3\(3\)jpi

ciscoiosMatch15.3\(3\)jpj

ciscoiosMatch15.3\(3\)jpr1

CPENameOperatorVersion
ioseq15.1T
ioseq15.1XB
ioseq15.3T
ioseq15.1M
ioseq15.1GC
ioseq15.2M
ioseq15.2GC
ioseq15.4T
ioseq15.3M
ioseq15.2JAZ

Name	Operator	Version
ios	eq	15.1T
ios	eq	15.1XB
ios	eq	15.3T
ios	eq	15.1M
ios	eq	15.1GC
ios	eq	15.2M
ios	eq	15.2GC
ios	eq	15.4T
ios	eq	15.3M
ios	eq	15.2JAZ

Rows per page:

1-10 of 811

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

43.4%

JSON

Related for CISCO-SA-20140326-IOS-SSLVPN