Cisco Security Manager 4.9.x < 4.9(0.397) / 4.10.x < 4.10(0.189) OpenSSL ASN.1 Signature Handling DoS
Medium Nessus Plugin ID 88593
Synopsis
The web application running on the remote web server is affected by a denial of service vulnerability.

Description
The version of Cisco Security Manager running on the remote web server is 4.9.x prior to 4.9(0.397) or 4.10.x prior to 4.10(0.189). It is, therefore, affected by a NULL pointer dereference flaw in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition.

Solution
Upgrade to Cisco Security Manager version 4.9(0.397) / 4.10(0.189) or later.
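
The version ranges above can be checked against an asset inventory with a short script. This is an added example, not the Nessus plugin's own logic. It assumes version strings have the `major.minor(a.b)` shape used on this page and that the parenthesised build compares numerically; the host names and sample versions are constructed.

```python
import re

# Fixed builds per release train, taken from the advisory text above.
FIXED = {(4, 9): (0, 397), (4, 10): (0, 189)}

# Assumed format: major.minor(a.b), e.g. "4.9(0.397)".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)\.(\d+)\)\s*$")


def parse_csm_version(text):
    """Split 'major.minor(a.b)' into ((major, minor), (a, b)) as integers."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, a, b = (int(g) for g in m.groups())
    return (major, minor), (a, b)


def assess(text):
    """Return 'affected', 'fixed', or 'not covered' for one version string."""
    train, build = parse_csm_version(text)
    fixed = FIXED.get(train)
    if fixed is None:
        # This advisory only speaks to the 4.9.x and 4.10.x trains.
        return "not covered"
    # Integer tuples, so 4.10 is not confused with 4.1 and 0.1000 > 0.397.
    return "affected" if build < fixed else "fixed"


def triage(inventory):
    """Map host -> status; unparseable versions are flagged for manual review."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = assess(version)
        except ValueError:
            result[host] = "unparsed"
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "csm-a": "4.9(0.396)",
    "csm-b": "4.9(0.397)",
    "csm-c": "4.10(0.188)",
    "csm-d": "4.10(0.1000)",
    "csm-e": "4.8(0.100)",
    "csm-f": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {status}")
```

Hosts reported as `not covered` or `unparsed` are outside what this advisory states and need a separate check.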