Detections
Analytics
Cisco IOS Software SSL VPN Denial of Service (cisco-sa-20140326-ios-sslvpn)
high Nessus Plugin ID 73342
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
According to its self-reported version, the version of Cisco IOS running on the remote host is affected by a denial of service vulnerability due to improper handling of certain, unspecified types of HTTP requests in the SSL VPN subsystem. An unauthenticated, remote attacker could potentially exploit this issue by sending specially crafted HTTP requests resulting in a denial of service.Solution
Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20140326-ios-sslvpn.See Also
http://www.nessus.org/u?5b0c3f17
https://tools.cisco.com/security/center/viewAlert.x?alertId=33350
Plugin Details
Severity: High
ID: 73342
File Name: cisco-sa-20140326-ios-sslvpn.nasl
Version: 1.8
Type: local
Family: CISCO
Published: 4/4/2014
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
Vulnerability Information
CPE: cpe:/o:cisco:ios
Required KB Items: Host/Cisco/IOS/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 9/20/2013
Vulnerability Publication Date: 3/26/2014
Reference Information
CVE: CVE-2014-2112
BID: 66462
CISCO-SA: cisco-sa-20140326-ios-sslvpn
CISCO-BUG-ID: CSCuf51357