Cisco: CISCO-SA-20121003-CVE-2012-3923
Oct 03, 2012 - 6:10 p.m.

Cisco IOS SSL VPN Denial of Service Vulnerability

2012-10-03 18:10:34
tools.cisco.com

CVSS2: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

EPSS: 0.001 (Percentile: 43.8%)

Cisco IOS Software contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to an error in the SSL VPN component of the affected software. An authenticated, remote attacker could exploit this vulnerability by sending a series of malicious packets via an SSL VPN session that terminates over a PPP over ATM (PPPoA) interface of a targeted device. Successful exploitation could allow the attacker to cause the affected device to crash, resulting in a DoS condition.

Cisco has confirmed the vulnerability and released software updates.

A successful exploit could allow an attacker to cause a device to stop responding, which could prevent authorized users from accessing network resources served by the targeted device.

This alert contains CVSS scoring supplied by Cisco, the primary vendor of the affected product. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
