CVE-2008-3798

Name of the Vulnerable Software and Affected Versions Cisco IOS version 12.4

Description A remote attacker can cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session. This can happen during the termination of an SSL-based session. The offending packet is not malformed and is normally received as part of the packet exchange.

Recommendations For Cisco IOS version 12.4, update to a newer version that addresses this issue, as Cisco has released software updates that fix the vulnerability. As a temporary workaround, consider disabling affected services to minimize the risk of exploitation.