Vulnslist

Cisco Intrusion Prevention System Key Regeneration HTTPS Denial of Service Vulnerability

Cisco-SA-20150220-CVE-2015-0631 · Medium · Published 11 years ago · Updated 11 years ago

A vulnerability in the SSL/TLS subsystem used by the web management interface of Cisco Intrusion Prevention System (IPS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a potential race condition while regenerating the affected device's cryptographic certificate and keys during an upgrade to image 7.2 or later from an image prior to 7.2. An attacker could exploit this vulnerability by negotiating a number of HTTPS connections with the management interface while key regeneration is in process. A successful exploit could allow the attacker to create a DoS condition. The condition will persist until the device has been restarted. The vulnerability can be triggered only by SSL/TLS traffic directed to the TCP port and IP address of the management interface associated with the web server. The default TCP port is 443. Packets transiting an affected device through the sensing interfaces cannot be used to trigger this vulnerability. Cisco has confirmed the vulnerability in a security notice and released software updates. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory · CSAF JSON

Workarounds

Related Products