Overview
The Cisco ASA firewall's SSL VPN component contains an denial-of-service vulnerability.
Description
The Cisco Adaptive Security Appliance (ASA) is firewall that includes routing, intrusion prevention system (IPS), and VPN components. The clientless SSL VPN allows remote users with a web browser to connect to internal web sites by tunneling an HTTPS session through the ASA. The ASA's SSL VPN component contains a denial of service vulnerability. |
Impact
A remote unauthenticated attacker may be able to to create a denial-of-service condition. Note that any systems that rely on the affected device would also be affected. |
Solution
Upgrade Cisco has released an update to address this vulnerability. See the Software Versions and Fixes section of Cisco Security Advisory cisco-sa-20070502-asa for more details. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml
- http://www.cisco.com/warp/public/110/webvpnasa.pdf
- http://www.cisco.com/en/US/products/ps6120/index.html
- http://www.cisco.com/en/US/netsol/ns461/networking_solutions_white_paper0900aecd80282f87.shtml
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml#details
- http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsi16248
- http://en.wikipedia.org/wiki/Intrusion-prevention_system
Acknowledgements
Thanks to Cisco for information that was used in this report.
This document was written by Ryan Giobbi.
Other Information
| CVE IDs: | None |
| Severity Metric: | 0.70 |
| Date Public: | 2007-05-02 |
| Date First Published: | 2007-05-03 |
| Date Last Updated: | 2007-05-04 20:27 UTC |
| Document Revision: | 13 |