A security flaw affecting Cisco IOS has been identified and fixed. Remote attackers could exploit it to carry out a denial-of-service (DoS) attack.
Package: Cisco IOS 15.x
Operating systems: Cisco IOS 15.1
Criticality: 3.5
Problem: error in a program function
Exploitation: remote
Consequence: denial of service (DoS)
Solution: vendor software patch
CVE: CVE-2012-1344
Original advisory ID: 26602
Source: Cisco

Problem:
A problem has been identified related to the use of a clientless SSL VPN connection.

Consequence:
Exploiting this vulnerability makes a DoS attack possible.

Solution:
Use of the official software patches is advised.

Original advisory text
Cisco IOS SSL VPN Portal Page Denial of Service Vulnerability
Threat Type: CWE: Insufficient Information
IntelliShield ID: 26602
Version: 1
Vector: Network
Authentication: Single
Exploit: Functional
Port: Not Available
CVE: CVE-2012-1344
BugTraq ID: 54835
Urgency: Unlikely Use [Urgency: 1-Weakness 2-Unlikely Use 3-Possible Use 4-Probable Use 5-Incidents Reported]
Credibility: Confirmed [Credibility: 1-Very Low 2-Low 3-Corroborated 4-Highly Credible 5-Confirmed]
Severity: Mild Damage [Severity: 1-No Damage 2-Harassment 3-Mild Damage 4-Moderate Damage 5-Heavy Damage]
CVSS Base: 6.8 CVSS Calculator
CVSS Version 2
CVSS Temporal: 5.6
Version Summary: Cisco IOS Software contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service condition on a targeted system. Updates are available.
Description
Cisco IOS Software contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability is due to an unspecified issue that causes a device running the vulnerable software to reload when the web browser reloads the SSL VPN portal page. A remote, authenticated attacker could exploit this vulnerability by using a web browser to refresh the SSL VPN portal page to cause the device to reload, resulting in a DoS condition. A successful exploit could deny services for legitimate users.
Cisco has confirmed this vulnerability and has released updated software.
Warning Indicators
Cisco IOS versions 15.1 and 15.2 are vulnerable when an affected device running the vulnerable software is configured with a clientless SSL VPN.
IntelliShield Analysis
A successful exploit would require an attacker to authenticate to a targeted device. This access requirement would likely limit the chances of a successful exploit.
Reports have indicated that the vulnerability was seen on the stock Android browser; however, the issue is not browser-specific and other browsers may trigger this vulnerability.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor Announcements
Cisco has released cross-platform release notes for Cisco bug ID CSCtr86328 at the following link: Cross-Platform Release Notes
Impact
An authenticated, remote attacker could exploit this vulnerability to cause a device running the affected software to crash, resulting in a DoS condition and denying service to legitimate users.
Technical Information
The vulnerability is due to an unspecified issue that causes a device running the vulnerable software to reload when the web browser reloads the SSL VPN portal page.
Safeguards
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only privileged users to access administration or management systems.
Administrators are advised to monitor critical systems.
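The Warning Indicators and Safeguards sections give administrators a two-part exposure rule: the device runs an affected 15.1 or 15.2 release and it is configured for SSL VPN. The following Python is an added example (not code from Cisco or from this advisory) that parses Cisco IOS release strings such as 15.1(4)M3a, pulls the release out of a "show version" banner, looks for webvpn gateway/context blocks in a running configuration, and combines the two into an exposure verdict. The sample outputs and configuration are constructed; the assumption that any "webvpn gateway" or "webvpn context" block counts as SSL VPN configured is a deliberate conservative simplification, and the check uses the feature-release rule from Warning Indicators rather than the exact product-set list, so the result is an inventory flag to be confirmed against the release notes for Cisco bug CSCtr86328, not a fixed-version determination.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Cisco IOS release strings have the shape major.minor(rebuild)TRAIN<maint><letter>,
# e.g. 15.1(4)M3a -> major 15, minor 1, rebuild "4", train "M", maintenance 3, suffix "a".
# Train, maintenance number and suffix are optional (15.1(4)T has no maintenance number).
IOS_VERSION_RE = re.compile(
    r"(?P<major>\d+)\.(?P<minor>\d+)"
    r"\((?P<rebuild>\d+[a-z]?)\)"
    r"(?P<train>[A-Z]+)?(?P<maint>\d+)?(?P<suffix>[a-z]?)"
)

# Feature releases the advisory's Warning Indicators name as affected.
AFFECTED_FEATURE_RELEASES = {"15.1", "15.2"}

# Assumption: any "webvpn gateway <name>" or "webvpn context <name>" block in the
# running configuration is treated as "SSL VPN configured" (conservative).
WEBVPN_RE = re.compile(r"^webvpn\s+(?:gateway|context)\s+\S+", re.MULTILINE)

# The release string sits on the first line of "show version" output.
SHOW_VERSION_RE = re.compile(r"Cisco IOS Software.*?Version\s+([^,\s]+)")


@dataclass(frozen=True)
class IosVersion:
    major: int
    minor: int
    rebuild: str
    train: str
    maint: Optional[int]
    suffix: str

    @property
    def feature_release(self) -> str:
        return f"{self.major}.{self.minor}"


def parse_ios_version(text: str) -> Optional[IosVersion]:
    """Return the first IOS release string found in text, or None if there is none."""
    m = IOS_VERSION_RE.search(text)
    if m is None:
        return None
    return IosVersion(
        major=int(m["major"]),
        minor=int(m["minor"]),
        rebuild=m["rebuild"],
        train=m["train"] or "",
        maint=int(m["maint"]) if m["maint"] else None,
        suffix=m["suffix"] or "",
    )


def version_from_show_version(output: str) -> Optional[IosVersion]:
    """Extract the release from the banner line of 'show version' output."""
    m = SHOW_VERSION_RE.search(output)
    return parse_ios_version(m.group(1)) if m else None


def has_ssl_vpn_config(running_config: str) -> bool:
    return WEBVPN_RE.search(running_config) is not None


def assess_exposure(show_version_output: str, running_config: str) -> dict:
    """Combine both indicators: affected feature release AND SSL VPN configured."""
    ver = version_from_show_version(show_version_output)
    affected = ver is not None and ver.feature_release in AFFECTED_FEATURE_RELEASES
    ssl_vpn = has_ssl_vpn_config(running_config)
    return {
        "version": ver,
        "affected_release": affected,
        "ssl_vpn_configured": ssl_vpn,
        "exposed": affected and ssl_vpn,
    }


# Constructed sample data (not captured from a real device).
SHOW_VERSION_AFFECTED = (
    "Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), "
    "Version 15.1(4)M4, RELEASE SOFTWARE (fc1)\n"
)
SHOW_VERSION_UNAFFECTED = (
    "Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), "
    "Version 15.0(1)M10, RELEASE SOFTWARE (fc1)\n"
)
CONFIG_WITH_WEBVPN = """\
hostname edge-router
!
webvpn gateway ssl-gw
 ip address 192.0.2.1 port 443
 inservice
!
webvpn context clientless
 url-list "intranet"
 inservice
!
"""
CONFIG_WITHOUT_WEBVPN = "hostname core-router\n!\ninterface GigabitEthernet0/0\n no shutdown\n!\n"

if __name__ == "__main__":
    for label, sv, cfg in (
        ("edge-router", SHOW_VERSION_AFFECTED, CONFIG_WITH_WEBVPN),
        ("core-router", SHOW_VERSION_AFFECTED, CONFIG_WITHOUT_WEBVPN),
        ("legacy-router", SHOW_VERSION_UNAFFECTED, CONFIG_WITH_WEBVPN),
    ):
        print(label, assess_exposure(sv, cfg))
```

A device that is on an affected release but has no webvpn blocks is reported as affected_release but not exposed, which mirrors the advisory's wording; it still belongs on the patch list, since a later configuration change would make it exposed.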
Patches/Software
Cisco customers with active contracts can obtain updates through the Software Center at the following link: Cisco. Cisco customers without contracts can obtain upgrades by contacting the Cisco Technical Assistance Center at 1-800-553-2447 or 1-408-526-7209 or via e-mail.
Alert History
Initial Release
Product Sets
The security vulnerability applies to the following combinations of products.
Primary Products:
Cisco IOS Software 15.1(2)T Base
15.1EY: 15.1(2)EY, 15.1(2)EY1, 15.1(2)EY1a, 15.1(2)EY2, 15.1(2)EY2a, 15.1(2)EY3, 15.1(2)EY4
15.1GC: 15.1(2)GC, 15.1(2)GC1, 15.1(2)GC2
15.1M: 15.1(4)M, 15.1(4)M0a, 15.1(4)M0b, 15.1(4)M1, 15.1(4)M2, 15.1(4)M3, 15.1(4)M3a, 15.1(4)M4, 15.1(4)M5, 15.1(4)M6, 15.1(4)M7
15.1MR: 15.1(1)MR, 15.1(1)MR1, 15.1(1)MR2, 15.1(1)MR3, 15.1(1)MR4, 15.1(3)MR, 15.1(3)MR1
15.1MWR: 15.1(2)MWR
15.1S: 15.1(1)S, 15.1(1)S1, 15.1(1)S2, 15.1(2)S, 15.1(2)S1, 15.1(2)S2, 15.1(3)S, 15.1(3)S0a, 15.1(3)S1, 15.1(3)S2, 15.1(3)S3, 15.1(3)S4
15.1SA: 15.1(1)SA, 15.1(1)SA1, 15.1(1)SA2
15.1SG: 15.1(1)SG, 15.1(1)SG1, 15.1(2)SG
15.1SNH: 15.1(2)SNH, 15.1(2)SNH1
15.1SNI: 15.1(2)SNI
15.1SVA: 15.1(3)SVA
15.1SY: 15.1(1)SY, 15.1(1)SY1
15.1T: 15.1(1)T, 15.1(1)T1, 15.1(1)T2, 15.1(1)T3, 15.1(1)T4, 15.1(1)T5, 15.1(100)T, 15.1(2)T0a, 15.1(2)T1, 15.1(2)T10, 15.1(2)T2, 15.1(2)T2a, 15.1(2)T3, 15.1(2)T4, 15.1(2)T5, 15.1(3)T, 15.1(3)T1, 15.1(3)T2, 15.1(3)T3, 15.1(3)T4, 15.1(4)T
15.1XB: 15.1(1)XB, 15.1(1)XB1, 15.1(1)XB2, 15.1(1)XB3, 15.1(4)XB4, 15.1(4)XB5, 15.1(4)XB5a, 15.1(4)XB6, 15.1(4)XB7, 15.1(4)XB8, 15.1(4)XB8a
15.2E: 15.2(1)E
15.2GC: 15.2(1)GC, 15.2(1)GC1, 15.2(1)GC2, 15.2(2)GC, 15.2(3)GC
15.2JA: 15.2(2)JA
15.2M: 15.2(4)M, 15.2(4)M0a, 15.2(4)M1, 15.2(4)M10, 15.2(4)M2, 15.2(4)M3, 15.2(4)M4, 15.2(4)M5, 15.2(4)M6, 15.2(4)M7, 15.2(4)M8, 15.2(4)M9
15.2S: 15.2(1)S, 15.2(1)S1, 15.2(1)S2, 15.2(1s)S1, 15.2(2)S, 15.2(2)S0a, 15.2(2)S0b, 15.2(2)S0c, 15.2(2)S0d, 15.2(2)S1, 15.2(2)S2, 15.2(3)S, 15.2(4)S, 15.2(4)S1, 15.2(4)S2, 15.2(4)S3, 15.2(4)S4, 15.2(4)S5, 15.2(4)S6
15.2SB: 15.2(1)SB, 15.2(1)SB1
15.2SNG: 15.2(2)SNG
15.2T: 15.2(1)T, 15.2(1)T1, 15.2(1)T2, 15.2(1)T3, 15.2(1)T4, 15.2(2)T, 15.2(2)T1, 15.2(2)T2, 15.2(2)T3, 15.2(2)T4, 15.2(3)T, 15.2(3)T1, 15.2(3)T2, 15.2(3)T3, 15.2(3)T4
15.2XA: 15.2(3)XA
Associated Products:
N/A