Cisco IOS Web Authentication DoS

Medium severity. Nessus Plugin ID 61492

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The version of Cisco IOS installed on the remote host is affected by a denial of service vulnerability caused by an error while parsing local web authentication. A remote attacker can exploit this by entering credentials extremely rapidly, which crashes the switch and forces a reboot.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCts88664.

See Also

https://tools.cisco.com/security/center/viewAlert.x?alertId=26615

https://tools.cisco.com/bugsearch/bug/CSCts88664

Plugin Details

Severity: Medium

ID: 61492

File Name: cisco_ios_webauth_dos.nasl

Version: 1.7

Type: local

Family: CISCO

Published: 8/10/2012

Updated: 7/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version, Host/Cisco/IOS/Model

Exploit Ease: No known exploits are available

Patch Publication Date: 8/6/2012

Vulnerability Publication Date: 6/29/2012

Reference Information

CVE: CVE-2012-1338

BID: 54834

CISCO-BUG-ID: CSCts88664