The Cisco ASA firewall's SSL VPN component contains an denial-of-service vulnerability.
The Cisco Adaptive Security Appliance (ASA) is firewall that includes routing, intrusion prevention system (IPS), and VPN components. The clientless SSL VPN allows remote users with a web browser to connect to internal web sites by tunneling an HTTPS session through the ASA.
The ASA's SSL VPN component contains a denial of service vulnerability.
A remote unauthenticated attacker may be able to to create a denial-of-service condition. Note that any systems that rely on the affected device would also be affected.
Cisco has released an update to address this vulnerability. See the Software Versions and Fixes section of Cisco Security Advisory cisco-sa-20070502-asa for more details.
Thanks to Cisco for information that was used in this report.
This document was written by Ryan Giobbi.
|Date First Published:||2007-05-03|
|Date Last Updated:||2007-05-04 20:27 UTC|