Cisco IOS Software SSL VPN Denial of Service (cisco-sa-20140326-ios-sslvpn)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

According to its self-reported version, the Cisco IOS software
running on the remote host is affected by a denial of service
vulnerability due to improper handling of certain unspecified types
of HTTP requests in the SSL VPN subsystem. An unauthenticated, remote
attacker could potentially exploit this issue by sending specially
crafted HTTP requests, resulting in a denial of service.

See also :

http://www.nessus.org/u?d99d5315
http://tools.cisco.com/security/center/viewAlert.x?alertId=33350

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20140326-ios-sslvpn.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 73342

Bugtraq ID: 66462

CVE ID: CVE-2014-2112