Title: Cisco IOS WebVPN/SSLVPN Multiple Denial of Service Vulnerabilities
Severity: HIGH
Description:
Cisco IOS is prone to the following remote denial-of-service vulnerabilities:
1. A denial-of-service vulnerability affects devices configured to use SSLVPN. An attacker can exploit this issue by sending a specially crafted HTTPS packet to the affected device. For an exploit to succeed, the attacker must first complete a TCP three-way handshake with the associated TCP port. This issue is tracked as CVE-2009-0626 and Cisco Bug ID CSCsk62253.
2. A second denial-of-service vulnerability affects devices configured to use SSLVPN. Transmission control blocks (TCBs) may leak when the device processes an abnormally disconnected SSL session. Repeatedly exploiting this issue will consume all memory resources and cause the affected device to crash. This issue is tracked as CVE-2009-0628 and Cisco Bug ID CSCsw24708.
Affected Products:
- Cisco IOS 12.3T
- Cisco IOS 12.3YK
- Cisco IOS 12.3YQ
- Cisco IOS 12.3YS
- Cisco IOS 12.3YT
- Cisco IOS 12.3YU
- Cisco IOS 12.4
- Cisco IOS 12.4MR
- Cisco IOS 12.4T
- Cisco IOS 12.4XA
- Cisco IOS 12.4XB
- Cisco IOS 12.4XC
- Cisco IOS 12.4XD
- Cisco IOS 12.4XE
- Cisco IOS 12.4XJ
- Cisco IOS 12.4XP
- Cisco IOS 12.4XT
- Cisco IOS 12.4XW
- Cisco IOS 12.4XY
- Cisco IOS 12.4XZ
References:
- CVE: CVE-2009-0626
- CVE: CVE-2009-0628
- Cisco: Cisco Security Advisory: Cisco IOS Software WebVPN and SSLVPN Vulnerabilities
- Cisco Systems: Cisco IOS Software