Cisco Intrusion Prevention System Key Regeneration HTTPS Denial of Service Vulnerability

A vulnerability in the SSL/TLS subsystem used by the web management interface of Cisco Intrusion Prevention System (IPS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to a potential race condition while regenerating the affected device’s cryptographic certificate and keys during an upgrade to image 7.2 or later from an image prior to 7.2. An attacker could exploit this vulnerability by negotiating a number of HTTPS connections with the management interface while key regeneration is in process. A successful exploit could allow the attacker to create a DoS condition. The condition will persist until the device has been restarted.

The vulnerability can be triggered only by SSL/TLS traffic directed to the TCP port and IP address of the management interface associated with the web server. The default TCP port is 443. Packets transiting an affected device
through the sensing interfaces cannot be used to trigger this vulnerability.

Cisco has confirmed the vulnerability in a security notice and released software updates.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.