CVE-2010-2836

Severity

78%

Complexity

99%

Confidentiality

115%

Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections that remain in the CLOSE-WAIT state, aka Bug ID CSCtg21685.

Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections that remain in the CLOSE-WAIT state, aka Bug ID CSCtg21685.

CVSS 2.0 Base Score 7.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C).

Overview

Type

Cisco IOS

First reported 14 years ago

2010-09-23 19:00:00

Last updated 14 years ago

2010-09-24 18:12:00

Affected Software

Cisco IOS 12.4

12.4

Cisco IOS 12.4GC

12.4gc

Cisco IOS 12.4 MDA

12.4mda

Cisco IOS 12.4MR

12.4mr

Cisco IOS 12.4MRA

12.4mra

Cisco IOS 12.4SW

12.4sw

Cisco IOS 12.4XA

12.4xa

Cisco IOS 12.4XB

12.4xb

Cisco IOS 12.4XC

12.4xc

Cisco IOS 12.4XD

12.4xd

Cisco IOS 12.4XE

12.4xe

Cisco IOS 12.4XF

12.4xf

Cisco IOS 12.4XG

12.4xg

Cisco IOS 12.4XJ

12.4xj

Cisco IOS 12.4xk

12.4xk

Cisco IOS 12.4XL

12.4xl

Cisco IOS 12.4XM

12.4xm

Cisco IOS 12.4XN

12.4xn

Cisco IOS 12.4XP

12.4xp

Cisco IOS 12.4XT

12.4xt

Cisco IOS 12.4XV

12.4xv

Cisco IOS 12.4XW

12.4xw

Cisco IOS 12.4XY

12.4xy

Cisco IOS 12.4XZ

12.4xz

Cisco IOS 12.4YA

12.4ya

Cisco IOS 12.4YB

12.4yb

Cisco IOS 12.4YD

12.4yd

Cisco IOS 15.0M

15.0m

Cisco IOS 15.0XA

15.0xa

Cisco IOS 15.1(1)XB1

15.1\(1\)xb1

Cisco IOS 15.1T

15.1t

References

20100922 Cisco IOS SSL VPN Vulnerability

Patch, Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.