Executive Summary

Title Cisco Intrusion Prevention System MainApp Secure Socket Layer Denial of Service Vulnerability
Name cisco-sa-20150311-ips First vendor Publication 2015-03-11
Vendor Cisco Last vendor Modification 2015-03-11
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.1 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


The Cisco Intrusion Prevention System (IPS) Software has a vulnerability within the SSL/TLS subsystem utilized by the web management interface which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Cisco has released free software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-ips BEGIN PGP SIGNATURE Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJVAGihAAoJEIpI1I6i1Mx3PCYP/j5Ej14GymDq0dvsDWmnLYlO JAmJmrSV+r1vWHmj0YcVLVGyXGbmBYnHxZHNCgyB+RKC67jdmoE0zCL5bi69dEFr ee+L/o8/f22NXcbATdJCb8vdjgW6/3cnKiODyDoEtM7MuDmH/h7eml/I3dDQBfES oKMTNb+bxVi8ojVNBDa8ml9+Xp6ppuJzDIUm/eq8tAMQXncFMfsQehYCq9GRGN8Z Rt5N309+C8vcVp5jHP06vcG5xH/sript/zY49nW/TYoC57EMHq3/c0h13mrbCRlO wIf8Kr+YET1p7++hMzbWq6SLlz0Np5oG3B3zN1UvJ1ABiJ8y3xnV5MrC7iUU17R4 mEQCCJSvvKV32DguKWJ3H/xfZr5uiPPgyXuMw4rPwPBjUJyOYuxArn5q+OXo4JLM F2oqIgTkm0zHYtEoEwH51KH6X9N2QrssUMomxBsSOs4LwnNcKB2Fyq0HQpX492PL Pp6DKkOV24HLh5AHwrwKHArmLUIfGejBgyUrjbCt/eT4cutKhwrQhunEnis6jzYj fTyLmQ5cZjIhT4+8akurpze1fNCTLFd2FVexvbRxNro2iL30LdFDHDUpz/9xsqks A+ONgWGeKMKnCjawZ9s2OPgNV7WEvibjFiDWHdH7xZM8YpwR/5381OQNwCsdKdvW alelR0tXSuOXiO6EN9ha =kotf END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-362 Race Condition

CPE : Common Platform Enumeration

Application 3

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-03-19 IAVM : 2015-A-0059 - Cisco Intrusion Prevention System Denial of Service Vulnerability
Severity : Category I - VMSKEY : V0059299

Nessus® Vulnerability Scanner

Date Description
2015-03-20 Name : The remote security appliance is missing a vendor-supplied security patch.
File : cisco-sa-20150311-ipa.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2015-10-18 17:22:07
  • Multiple Updates
2015-03-21 13:27:28
  • Multiple Updates
2015-03-14 00:26:01
  • Multiple Updates
2015-03-11 21:22:07
  • First insertion