Release date:
Updated on:
Affected Systems:
Cisco IOS 15.1-15.4
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-2112
Cisco IOS is an interconnected network operating system used on most Cisco system routers and network switches.
The ssl vpn feature in Cisco IOS 15.1-15.4 has a security vulnerability. Remote attackers exploit this vulnerability to cause denial of service (memory depletion) through specially crafted HTTP requests ).
<* Source: vendor
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20140326-ios-sslvpn) and patches for this:
Cisco IOS Software ssl vpn Denial of Service Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn