Cisco: CISCO-SA-20120810-CVE-2012-1344
Aug 10, 2012 - 5:11 p.m.

Cisco IOS SSL VPN Portal Page Denial of Service Vulnerability

2012-08-10 17:11:22
tools.cisco.com

CVSS2: 3.5

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

EPSS: 0.001
Percentile: 43.8%

Cisco IOS Software contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to an unspecified issue that causes a device running the vulnerable software to reload when the web browser reloads the SSL VPN portal page. An authenticated, remote attacker could exploit this vulnerability by using a web browser to refresh the SSL VPN portal page to cause the device to reload, resulting in a DoS condition. A successful exploit could deny services for legitimate users.

Cisco has confirmed this vulnerability and has released updated software.

A successful exploit would require an attacker to authenticate to a targeted device. This access requirement would likely limit the chances of a successful exploit.

Reports have indicated that the vulnerability was seen on the stock Android browser; however, the issue is not browser-specific and other browsers may trigger this vulnerability.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
