Cisco: CISCO-SA-20141008-CVE-2014-3402
Oct 08, 2014 - 7:28 p.m.

Cisco Intrusion Prevention System MainApp Denial of Service Vulnerability

2014-10-08 19:28:56
tools.cisco.com

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.002
Percentile: 56.0%

A vulnerability in the web framework of Cisco Intrusion Prevention System (IPS) Software could allow an authenticated, remote attacker to cause MainApp to hang intermittently because the authentication manager process creates a denial of service (DoS) condition.

The vulnerability is due to improper handling of user tokens. An attacker could exploit this vulnerability by sending a crafted connection request to the Cisco IPS management interface.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker must have authenticated access to the targeted system. This access requirement may reduce the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Affected configurations

Vendor: cisco
Product: intrusion_prevention_system
Version: any
CPE: cpe:2.3:a:cisco:intrusion_prevention_system:any:*:*:*:*:*:*:*
