CVE-2009-0628Sensitive Information Exposure in Cisco IOS

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
9.0CRITICALNVD
EPSS
1.6%
top 18.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedMar 27
Latest updateMay 2

Description

Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak.

CVSS vector

AV:N/AC:L/C:P/I:P/A:CExploitability: 10.0 | Impact: 8.5

Affected Packages1 packages

NVDcisco/cisco_ios12.3, 12.4+1

🔴Vulnerability Details

2
GHSA
GHSA-p6q5-7686-4mrq: Memory leak in the SSLVPN feature in Cisco IOS 122022-05-02
CVEList
CVE-2009-0628: Memory leak in the SSLVPN feature in Cisco IOS 122009-03-27

💬Community

1
Bugzilla
CVE-2010-0628 krb5: Assertion failure in GSSAPI SPNEGO mechanism (MITKRB5-SA-2010-002)2010-02-17