HOME > VULNERABILITY NOTES


   VULNERABILITY NOTE

 

CERT-In Vulnerability Note CIVN-2009-44
Cisco IOS Software WebVPN and SSLVPN Vulnerabilities

Original Issue Date: April 09, 2009

Severity Rating: High

Systems Affected

IOS 12.3 and 12.4, if configure with SSL VPN or WebVPN feature.

Overview

A vulnerability has been reported in Cisco IOS software which can be remotely exploited without authentication to cause a denial of service condition.

Description

The Cisco SSLVPN feature provides remote access to enterprise sites by users from anywhere on the Internet. The SSLVPN provides users with secure access to specific enterprise applications, such as e-mail and web browsing, without requiring them to have VPN client software installed on their end-user devices. The WebVPN is the enhancements feature Cisco IOS SSLVPN.

1) Crafted HTTPS packet Denial of Service Vulnerability
(CVE-2009-0626)

This vulnerability exists due to an error in the Cisco IOS Software while handling HTTPS packets over the port assigned to SSLVPN service. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted HTTPS packets to the target device to cause a reload or hang, resulting in denial of service (DoS) to legitimate users.

2) SSLVPN Memory Corruption Vulnerability (CVE-2009-0628)

This vulnerability exists in the Cisco IOS Software configured for SSLVPN while processing an abnormally disconnected SSL session. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted packets (designed to trigger a memory leak) to the target device which could deplete its memory resources and result in a crash of the device.

Solutions

Apply fixed version as suggested by vendor at:
http://www.cisco.com/en/US/products/products_security_
advisory09186a0080a90424.shtml

Vendor Information

CISCO http://www.cisco.com/en/US/products/products_security_advisory
09186a0080a90424.shtml

References

CISCO http://www.cisco.com/en/US/products/products_security_advisory
09186a0080a90424.shtml
http://tools.cisco.com/security/center/viewAlert.x?alertId=17763

Security Focus
http://www.securityfocus.com/bid/34239

Security Tracker
http://securitytracker.com/id?1021896

Secunia
http://secunia.com/advisories/34438

CVE Name
CVE-2009-0626
CVE-2009-0628

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003