A vulnerability in the VPN authentication code that handles parsing of the username from the certificate on the Cisco ASA firewall could allow an unauthenticated, remote attacker to cause a reload of the affected device.
The vulnerability is due to parallel processing of a large number of Internet Key Exchange (IKE) requests for which username-from-cert is configured. An attacker could exploit this vulnerability by sending a large number of IKE requests when the affected device is configured with the username-from-cert command. An exploit could allow the attacker to cause a reload of the affected device, leading to a denial of service (DoS) condition.
Cisco ASA VPN Denial of Service Vulnerability | Fredrik Svantes | 2013-10-23 08:31:51 | 2013-10-25 16:10:34