Vigil@nce - Cisco IPS: denial of service via HTTPS Key Regeneration
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a query to the web management interface of
Cisco IPS, during the HTTPS Key Regeneration phase, in order to
trigger a denial of service.
– Impacted products: Cisco IPS
– Severity: 1/4
– Creation date: 23/02/2015
DESCRIPTION OF THE VULNERABILITY
The Cisco IPS product can be updated with an image in version 7.2.
The key for the web administration service is thus regenerated.
However, during this step, a received HTTP query blocks the system.
An attacker can therefore send a query to the web management
interface of Cisco IPS, during the HTTPS Key Regeneration phase,
in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-IPS-denial-of-service-via-HTTPS-Key-Regeneration-16245