This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.

A vulnerability in the VPN authentication code that handles parsing of
the username from the certificate on the Cisco ASA firewall could allow
an unauthenticated, remote attacker to cause a reload of the affected

The vulnerability is due to parallel processing of a large number of
Internet Key Exchange (IKE) requests for which username-from-cert is
configured. An attacker could exploit this vulnerability by sending a
large number of IKE requests when the affected device is configured with
the username-from-cert command. An exploit could allow the attacker to
cause a reload of the affected device, leading to a denial of service
See also :
Apply the relevant patch referenced in Cisco Bug Id CSCua91108.
Risk factor :
Medium / CVSS Base Score : 5.4
CVSS Temporal Score : 4.7
Public Exploit Available : true
Nessus Plugin ID: 72485
Bugtraq ID: 63262
CVE ID: CVE-2013-5544