Info

Disclosure

May 02, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

PIX/ASA contains a flaw that may allow a remote denial of service. The issue is triggered when by an unspecified flaw in the SSL VPN HTTP server related to processing non-standard SSL sessions, and will result in loss of availability for the platform.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Security Software

Solution

Upgrade to version 7.1(2)49 or 7.2(2)19 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Cisco Systems, Inc.	PIX	7.2(1)
		7.2(2)2
		7.1(2)46
		7.1(2)42
		7.1(2)28
		7.1(2)24
		7.1(2)20
		7.1(2)16
		7.1(2)12
		7.1(2)7
		7.1(2)4
		7.1(2)
		7.2(2)14
		7.2(2)10
		7.2(2)18
	ASA	7.2(1)
		7.2(2)2
		7.1(2)46
		7.1(2)42
		7.1(2)28
		7.1(2)24
		7.1(2)20
		7.1(2)16
		7.1(2)12
		7.1(2)7
		7.1(2)4
		7.1(2)
		7.2(2)14
		7.2(2)10
		7.2(2)18

References

CVE ID: 2007-2464 (see also: NVD)
Bugtraq ID: 23768
Secunia Advisory ID: 25109
ISS X-Force ID: 34023
Related OSVDB ID: 35330 35331 35332
VUPEN Advisory: ADV-2007-1636
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0022.html
Vendor Specific Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/35333

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Cisco Systems, Inc.

PIX

ASA

References

Credit