CVE-2012-3923

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.4, 15.0, 15.1, and 15.2

Description The issue is related to the SSLVPN implementation in Cisco IOS, which does not properly handle certain outbound ACL configurations when DTLS is not enabled. This allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface. An authenticated, remote attacker could exploit this by sending a series of malicious packets via an SSL VPN session that terminates over a PPP over ATM (PPPoA) interface of a targeted device, resulting in the device crashing and preventing authorized users from accessing network resources.

Recommendations For Cisco IOS versions 12.4, 15.0, 15.1, and 15.2, update to a fixed software version to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.