Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets - Cisco Systems

high Nessus Plugin ID 49005

Language:

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful, repeated exploitation of any of these vulnerabilities may lead to a sustained denial of service (DoS). These vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are also not believed to allow an attacker to decrypt any previously encrypted information.
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20070522-SSL.

See Also

http://www.nessus.org/u?aa240b0d

http://www.nessus.org/u?56cc5af4

Plugin Details

Severity: High

ID: 49005

File Name: cisco-sa-20070522-SSLhttp.nasl

Version: 1.18

Type: local

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 5/22/2007

Vulnerability Publication Date: 5/22/2007

Reference Information

CVE: CVE-2007-2813

BID: 24097