CVE-2009-0626

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.3 through 12.4

Description The issue allows remote attackers to cause a denial of service condition via a crafted HTTPS packet, potentially crashing the device. Additionally, SSLVPN sessions can cause a memory leak in the device.

Recommendations For Cisco IOS versions 12.3 through 12.4, update to a version that includes the software updates released by Cisco to address these vulnerabilities. As a temporary workaround, consider restricting access to the SSLVPN feature until a patch is available. Avoid using the SSLVPN feature in Cisco IOS WebVPN and Cisco IOS SSLVPN until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability, however, Cisco has released software updates that address these vulnerabilities.