Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: Multiple vulnerabilities in Cisco IOS SSL implementation SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Multiple vulnerabilities in Cisco IOS SSL implementation
Cisco published an advisory about multiple vulnerabilities in their IOS SSL implementation (http://www.cisco.com/en/US/products/products_security_advisory09186a0080847c49.shtml).
Several SSL messages (ClientHello, ChangeCipherSpec and Finished), when malformed, can cause Cisco IOS devices to crash.

Cisco said that this is only a DoS attack (no code execution seems to be possible) but as there are a lot of affected devices you should either install the patch or follow the workarounds (which are to disable the affected service(s)).

Thanks to Marc, CJ and Jim.I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Attack the Summer 2020

Bojan

391 Posts
ISC Handler
May 22nd 2007

Sign Up for Free or Log In to start participating in the conversation!