Cisco published an advisory about multiple vulnerabilities in their IOS SSL implementation (http://www.cisco.com/en/US/products/products_security_advisory09186a0080847c49.shtml).
Several SSL messages (ClientHello, ChangeCipherSpec and Finished), when malformed, can cause Cisco IOS devices to crash.
Cisco said that this is only a DoS attack (no code execution seems to be possible) but as there are a lot of affected devices you should either install the patch or follow the workarounds (which are to disable the affected service(s)).
Thanks to Marc, CJ and Jim.I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Riyadh April 2019
May 22nd 2007
1 decade ago