Cisco ASA Software SSL VPN Memory Blocks Exhaustion Vulnerability

A vulnerability in the SSL VPN feature of Cisco ASA Software could
allow an unauthenticated, remote attacker to cause the exhaustion of
available memory, which could lead to system instability and availability
issues on the SSL VPN services.

The vulnerability is due to improper implementation of memory block
allocation when processing crafted HTTP packets. An attacker could
exploit this vulnerability by sending a crafted HTTP packet to the
affected system. The vulnerability can be exploited if SSL VPN is enabled.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker may need to acquire additional information about the targeted device, such as whether SSL VPN is enabled on the device. This feature must be enabled for an attacker to achieve a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.