Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS device may crash while processing malformed Secure Sockets
Layer (SSL) packets. In order to trigger these vulnerabilities, a
malicious client must send malformed packets during the SSL protocol
exchange with the vulnerable device.
Successful, repeated exploitation of any of these vulnerabilities may
lead to a sustained denial of service (DoS). These vulnerabilities
are not known to compromise either the confidentiality or integrity of
the data or the device. These vulnerabilities are also not believed to
allow an attacker to decrypt any previously encrypted information.
Cisco has made free software available to address these
vulnerabilities for affected customers. There are workarounds available
to mitigate the effects of these vulnerabilities.

See also :

http://www.nessus.org/u?be9e6944
http://www.nessus.org/u?87dd6055

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20070522-SSL.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 49005 (cisco-sa-20070522-SSLhttp.nasl)

Bugtraq ID: 24097

CVE ID: CVE-2007-2813