CVE-2013-6686

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.3(1)T2 and earlier

Description The issue is related to the SSL VPN implementation, specifically the Datagram Transport Layer Security (DTLS) function, which allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session. This is due to improper processing of specific DTLS packets. An attacker could exploit this by creating an SSL session and sending crafted DTLS packets, causing the SSL VPN gateway interface to stop processing traffic when the queue is full. The vulnerability can be exploited by an authenticated, remote attacker.

Recommendations For Cisco IOS versions 15.3(1)T2 and earlier, update to a newer version that includes the fix for this issue, as confirmed by Cisco in their security notice. As a temporary workaround, consider restricting access to the DTLS function to minimize the risk of exploitation.