Cisco IOS Software SSL VPN Denial of Service (cisco-sa-20140326-ios-sslvpn)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.

Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

According to its self-reported version, the version of Cisco IOS
running on the remote host is affected by a denial of service
vulnerability due to improper handling of certain, unspecified types
of HTTP requests in the SSL VPN subsystem. An unauthenticated, remote
attacker could potentially exploit this issue by sending specially
crafted HTTP requests resulting in a denial of service.

See also :

Solution :

Apply the relevant patch referenced in Cisco Security Advisory

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.8
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 73342 ()

Bugtraq ID: 66462

CVE ID: CVE-2014-2112

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now