This script is (C) 2010-2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
Cisco IOS software contains two vulnerabilities within the Cisco IOS
WebVPN or Cisco IOS SSLVPN feature (SSLVPN) that can be remotely
exploited without authentication to cause a denial of service
condition. Both vulnerabilities affect both Cisco IOS WebVPN and Cisco
IOS SSLVPN features:
- Crafted HTTPS packet will crash device.
- SSLVPN sessions cause a memory leak in the device.
Cisco has released free software updates that address these
There are no workarounds that mitigate these vulnerabilities.
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true