Denial of Service Vulnerability in Cisco Firewall Services Module
CVE-2007-0964

Currently unrated

Key Information:

Vendor: Cisco
Status: Firewall Services Module
Vendor: CVE Published:; 16 February 2007

Summary

Cisco Firewall Services Module (FWSM) versions prior to 3.1(3.18) are susceptible to a denial of service condition due to improper handling of specific authentication configurations. When configured with 'aaa authentication match' or 'aaa authentication include', the device can be rendered inoperable by a remote attacker sending a malformed HTTPS request, resulting in an unexpected reboot and potential service disruption.

References

http://www.vupen.com/english/advisories/2007/0609

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/22561

vdb-entryx_refsource_BID

http://secunia.com/advisories/24172

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Feb 16, 2007
Vulnerability Reserved
Feb 15, 2007