A vulnerability in some Cisco Virtual Private Network (VPN) products could allow a remote attacker to cause a denial of service.
The Cisco VPN 3000 Series Concentrators and the Cisco VPN 3002 Hardware Clients are Virtual Private Network (VPN) platforms designed to provide secure remote network access. Some models of these devices contain a vulnerability by which a malformed SSH initialization packet sent during the initial SSH session setup may reload the VPN 3000 series concentrator.
A denial-of-service condition can result from unexpected rebooting of the affected device.
Cisco Systems Inc. has released software patches and workaround information for this vulnerability. Please see the vendor information section of this document for more details.
Thanks to Cisco Systems Product Security Incident Response Team for reporting this vulnerability.
This document was written by Chad R Dougherty.
|Date First Published:||2003-06-23|
|Date Last Updated:||2003-06-23 18:13 UTC|