| | site-map | e-mail

User:

Guest

Name: Password:

www.center.hu / Archive / Security news / april, 2005 / Cisco VPN Concentrator crafted SSL attack vulnerability 

Cisco VPN Concentrator crafted SSL attack vulnerability

Cisco VPN Concentrator crafted SSL attack vulnerability

Date Discovered: Wednesday, March 30, 2005
Date Published: Thursday, March 31, 2005
Last Updated: Thursday, March 31, 2005

Vulnerability Description

Vulnerability ID:          32672
Discovered By:            vendor
Exploitable Locally:     No
Exploitable Remotely: Yes
Impact:                        Remote attackers can cause a denial of service condition.
Root Cause:                 Software Vulnerability

Cisco VPN Concentrator contains a vulnerability that may allow remote attackers to cause a denial of service condition. The vulnerability is due to Concentrator software improperly handling certain crafted SSL attacks. Remote attackers can exploit this vulnerability to cause the device to reload and drop user connections. Note, this vulnerability only exists if HTTPS service is enabled with unlimited access.

 

 

More information on CA Vulnerability Information Center: 
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32672

Computer Associates – the Trusted Source of Security Knowledge

 

2005-04-01 12:56

Back