Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Multiple vulnerabilities in Cisco IOS SSL implementation SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Multiple vulnerabilities in Cisco IOS SSL implementation
Cisco published an advisory about multiple vulnerabilities in their IOS SSL implementation (
Several SSL messages (ClientHello, ChangeCipherSpec and Finished), when malformed, can cause Cisco IOS devices to crash.

Cisco said that this is only a DoS attack (no code execution seems to be possible) but as there are a lot of affected devices you should either install the patch or follow the workarounds (which are to disable the affected service(s)).

Thanks to Marc, CJ and Jim.I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Cyber Security East: May 2021


396 Posts
ISC Handler
May 22nd 2007

Sign Up for Free or Log In to start participating in the conversation!