Vigil@nce - Cisco ISR: denial of service via VPN
May 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can open several VPN tunnels on Cisco
Aggregation Services Router Route Processor 2, in order to trigger
a denial of service.
– Impacted products: IOS
– Severity: 1/4
– Creation date: 13/05/2013
DESCRIPTION OF THE VULNERABILITY
An authenticated user can display encryption statistics.
However, if several tunnels are open, this operation stops the
Route Processor.
An authenticated attacker can therefore open several VPN tunnels
on Cisco Aggregation Services Router Route Processor 2, in order
to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-ISR-denial-of-service-via-VPN-12785