Cisco IOS Software contains a vulnerability that could allow an authenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to an error in the SSL VPN component of the affected software. An authenticated, remote attacker could exploit this vulnerability by sending a series of malicious packets via an SSL VPN session that terminates over a PPP over ATM (PPPoA) interface of a targeted device. Successful exploitation could allow the malicious user to cause the affected device to crash, resulting in a DOS condition. Cisco has confirmed the vulnerability and released software updates. A successful exploit could allow an malicious user to cause a device to stop responding, which could prevent authorized users from accessing network resources served by the targeted device. This alert contains CVSS scoring supplied by Cisco, the primary vendor of the affected product. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco ios 15.2 |
||
cisco ios 15.1 |
Vulmon