Vulnerabilities > CVE-2009-0626 - Resource Management Errors vulnerability in Cisco IOS

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

cisco

CWE-399

nessus

NVD

Published: 2009-03-27

Updated: 2017-09-29

Summary

The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS 12.3 Cisco IOS 12.3B Cisco IOS 12.3Bc Cisco IOS 12.3Bw Cisco IOS 12.3Ja Cisco IOS 12.3Jea Cisco IOS 12.3Jeb Cisco IOS 12.3Jec Cisco IOS 12.3Jk Cisco IOS 12.3Jl Cisco IOS 12.3Jx Cisco IOS 12.3T Cisco IOS 12.3Tpc Cisco IOS 12.3Va Cisco IOS 12.3Xa Cisco IOS 12.3Xb Cisco IOS 12.3Xc Cisco IOS 12.3Xd Cisco IOS 12.3Xf Cisco IOS 12.3Xg Cisco IOS 12.3Xi Cisco IOS 12.3Xj Cisco IOS 12.3Xk Cisco IOS 12.3Xl Cisco IOS 12.3Xq Cisco IOS 12.3Xs Cisco IOS 12.3Xu Cisco IOS 12.3Xw Cisco IOS 12.3Xx Cisco IOS 12.3Xy Cisco IOS 12.3Xz Cisco IOS 12.3Ya Cisco IOS 12.3Yd Cisco IOS 12.3Yf Cisco IOS 12.3Yg Cisco IOS 12.3Yh Cisco IOS 12.3Yi Cisco IOS 12.3Yj Cisco IOS 12.3Yk Cisco IOS 12.3Ym Cisco IOS 12.3Yq Cisco IOS 12.3Ys Cisco IOS 12.3Yt Cisco IOS 12.3Yu Cisco IOS 12.3Yx Cisco IOS 12.3Yz Cisco IOS 12.4 Cisco IOS 12.4Ja Cisco IOS 12.4Jda Cisco IOS 12.4Jk Cisco IOS 12.4Jl Cisco IOS 12.4Jma Cisco IOS 12.4Jmb Cisco IOS 12.4Jx Cisco IOS 12.4Md Cisco IOS 12.4Mr Cisco IOS 12.4Sw Cisco IOS 12.4T Cisco IOS 12.4Xa Cisco IOS 12.4Xb Cisco IOS 12.4Xc Cisco IOS 12.4Xd Cisco IOS 12.4Xf Cisco IOS 12.4Xg Cisco IOS 12.4Xj Cisco IOS 12.4Xk Cisco IOS 12.4Xl Cisco IOS 12.4Xm Cisco IOS 12.4Xn Cisco IOS 12.4Xp Cisco IOS 12.4Xq Cisco IOS 12.4Xt Cisco IOS 12.4Xv Cisco IOS 12.4Xw Cisco IOS 12.4Xy Cisco IOS 12.4Xz Cisco IOS 12.4Ya	77

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20090325-WEBVPNHTTP.NASL
description	Cisco IOS software contains two vulnerabilities within the Cisco IOS WebVPN or Cisco IOS SSLVPN feature (SSLVPN) that can be remotely exploited without authentication to cause a denial of service condition. Both vulnerabilities affect both Cisco IOS WebVPN and Cisco IOS SSLVPN features: - Crafted HTTPS packet will crash device. (CVE-2009-0626) - SSLVPN sessions cause a memory leak in the device. (CVE-2009-0628) Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
last seen	2020-03-17
modified	2010-09-01
plugin id	49036
published	2010-09-01
reporter	This script is (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/49036
title	Cisco IOS Software WebVPN and SSLVPN Vulnerabilities - Cisco Systems
code	#TRUSTED 542ba511a2a533d65e2939df086dfa43b4a874e2a919d50117285766a6b83e38a236bee942ed2086618e8c94d49ef1f758ca0d0aec581319cbe21b18cc131b96bea184131b3e629ffb3f0516083c0e070415ff91bf06561d8c11d61c8ed3bd301b8cd89a621cf2ace4ca1b8972b809a882e8657ff6b2ae811c7bd8dec4b6bf7e203b1ae313b71bb21b230430ce8abfa97ee5f1a07081947571a02bb07ba6d347bd7fdf102ad54bcae6053955980d7ef6557b0439db76e4a6b16fe94835c8055067337ea173847a82ff72866309def39eed9e82cbed49fefddab33834e0de8a668356bd82fd33e2a2103dd8bacfe96c205b1ff1a0be941691ead2705a74aeb3be5734643b1c0628dd5d9221a574682fc8b6750f7b23392d803f0868498556922a9223da616e1c61313a352efdc249ddfde258ae8bfac97b8f0fd9351a9cce14c5cd64d81cb72e8aadca16c7d40a75f221d59aff184bb2025a9b1348461684c178f753f60f03f0bf671485c62ddfc3ddd6f426ac4e492f2b1bc671b7cbc261a5bf86ce4ad9e2e236ce25b2734bcebaee616ce839b6d3b906213ebe610cce8f576858e47ffb51fe7b179481422fd6ad0aefc286cef8246a2daf1896437ad27a11f5b5da433414cd00ef1795ec841a2ed3c055b17420d2c19bcf44b0be646cf657b1c7510aa1fec0b9d3d661916943580fcc0e7c96b0051300c12a13154c8a3e2786 # # (C) Tenable Network Security, Inc. # # Security advisory is (C) CISCO, Inc. # See https://www.cisco.com/en/US/products/products_security_advisory09186a0080a96c1f.shtml if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(49036); script_version("1.21"); script_set_attribute(attribute:"plugin_modification_date", value:"2018/11/15"); script_cve_id("CVE-2009-0626", "CVE-2009-0628"); script_bugtraq_id(34239); script_xref(name:"CISCO-BUG-ID", value:"CSCsk62253"); script_xref(name:"CISCO-BUG-ID", value:"CSCsw24700"); script_xref(name:"CISCO-SA", value:"cisco-sa-20090325-webvpn"); script_name(english:"Cisco IOS Software WebVPN and SSLVPN Vulnerabilities - Cisco Systems"); script_summary(english:"Checks the IOS version."); script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: 'Cisco IOS software contains two vulnerabilities within the Cisco IOS WebVPN or Cisco IOS SSLVPN feature (SSLVPN) that can be remotely exploited without authentication to cause a denial of service condition. Both vulnerabilities affect both Cisco IOS WebVPN and Cisco IOS SSLVPN features: - Crafted HTTPS packet will crash device. (CVE-2009-0626) - SSLVPN sessions cause a memory leak in the device. (CVE-2009-0628) Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities. '); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?604ac742"); # https://www.cisco.com/en/US/products/products_security_advisory09186a0080a96c1f.shtml script_set_attribute(attribute:"see_also", value: "http://www.nessus.org/u?a91cd0e5"); script_set_attribute(attribute:"solution", value: "Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20090325-webvpn."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(200); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/03/25"); script_set_attribute(attribute:"patch_publication_date", value:"2009/03/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is (C) 2010-2018 Tenable Network Security, Inc."); script_family(english:"CISCO"); script_dependencie("cisco_ios_version.nasl"); script_require_keys("Host/Cisco/IOS/Version"); exit(0); } include("audit.inc"); include("cisco_func.inc"); include("cisco_kb_cmd_func.inc"); flag = 0; override = 0; version = get_kb_item_or_exit("Host/Cisco/IOS/Version"); if (version == '12.4(15)XZ') flag++; else if (version == '12.4(15)XY3') flag++; else if (version == '12.4(15)XY2') flag++; else if (version == '12.4(15)XY1') flag++; else if (version == '12.4(15)XY') flag++; else if (version == '12.4(11)XW9') flag++; else if (version == '12.4(11)XW8') flag++; else if (version == '12.4(11)XW7') flag++; else if (version == '12.4(11)XW6') flag++; else if (version == '12.4(11)XW5') flag++; else if (version == '12.4(11)XW4') flag++; else if (version == '12.4(11)XW3') flag++; else if (version == '12.4(11)XW2') flag++; else if (version == '12.4(11)XW1') flag++; else if (version == '12.4(11)XW') flag++; else if (version == '12.4(11)XV1') flag++; else if (version == '12.4(11)XV') flag++; else if (version == '12.4(6)XT2') flag++; else if (version == '12.4(6)XT1') flag++; else if (version == '12.4(6)XT') flag++; else if (version == '12.4(6)XP') flag++; else if (version == '12.4(11)XJ4') flag++; else if (version == '12.4(11)XJ3') flag++; else if (version == '12.4(11)XJ2') flag++; else if (version == '12.4(11)XJ') flag++; else if (version == '12.4(6)XE3') flag++; else if (version == '12.4(6)XE2') flag++; else if (version == '12.4(6)XE1') flag++; else if (version == '12.4(6)XE') flag++; else if (version == '12.4(4)XD9') flag++; else if (version == '12.4(4)XD8') flag++; else if (version == '12.4(4)XD7') flag++; else if (version == '12.4(4)XD5') flag++; else if (version == '12.4(4)XD4') flag++; else if (version == '12.4(4)XD2') flag++; else if (version == '12.4(4)XD11') flag++; else if (version == '12.4(4)XD10') flag++; else if (version == '12.4(4)XD1') flag++; else if (version == '12.4(4)XD') flag++; else if (version == '12.4(4)XC7') flag++; else if (version == '12.4(4)XC6') flag++; else if (version == '12.4(4)XC5') flag++; else if (version == '12.4(4)XC4') flag++; else if (version == '12.4(4)XC3') flag++; else if (version == '12.4(4)XC2') flag++; else if (version == '12.4(4)XC1') flag++; else if (version == '12.4(4)XC') flag++; else if (version == '12.4(2)XB9') flag++; else if (version == '12.4(2)XB8') flag++; else if (version == '12.4(2)XB7') flag++; else if (version == '12.4(2)XB6') flag++; else if (version == '12.4(2)XB5') flag++; else if (version == '12.4(2)XB4') flag++; else if (version == '12.4(2)XB3') flag++; else if (version == '12.4(2)XB2') flag++; else if (version == '12.4(2)XB10') flag++; else if (version == '12.4(2)XB1') flag++; else if (version == '12.4(2)XB') flag++; else if (version == '12.4(2)XA2') flag++; else if (version == '12.4(2)XA1') flag++; else if (version == '12.4(2)XA') flag++; else if (version == '12.4(15)T6') flag++; else if (version == '12.4(15)T5') flag++; else if (version == '12.4(15)T4') flag++; else if (version == '12.4(15)T3') flag++; else if (version == '12.4(15)T2') flag++; else if (version == '12.4(15)T1') flag++; else if (version == '12.4(15)T') flag++; else if (version == '12.4(11)T4') flag++; else if (version == '12.4(11)T3') flag++; else if (version == '12.4(11)T2') flag++; else if (version == '12.4(11)T1') flag++; else if (version == '12.4(11)T') flag++; else if (version == '12.4(9)T7') flag++; else if (version == '12.4(9)T6') flag++; else if (version == '12.4(9)T5') flag++; else if (version == '12.4(9)T4') flag++; else if (version == '12.4(9)T3') flag++; else if (version == '12.4(9)T2') flag++; else if (version == '12.4(9)T1') flag++; else if (version == '12.4(9)T') flag++; else if (version == '12.4(6)T9') flag++; else if (version == '12.4(6)T8') flag++; else if (version == '12.4(6)T7') flag++; else if (version == '12.4(6)T6') flag++; else if (version == '12.4(6)T5') flag++; else if (version == '12.4(6)T4') flag++; else if (version == '12.4(6)T3') flag++; else if (version == '12.4(6)T2') flag++; else if (version == '12.4(6)T11') flag++; else if (version == '12.4(6)T10') flag++; else if (version == '12.4(6)T1') flag++; else if (version == '12.4(6)T') flag++; else if (version == '12.4(4)T8') flag++; else if (version == '12.4(4)T7') flag++; else if (version == '12.4(4)T6') flag++; else if (version == '12.4(4)T5') flag++; else if (version == '12.4(4)T4') flag++; else if (version == '12.4(4)T3') flag++; else if (version == '12.4(4)T2') flag++; else if (version == '12.4(4)T1') flag++; else if (version == '12.4(4)T') flag++; else if (version == '12.4(2)T6') flag++; else if (version == '12.4(2)T5') flag++; else if (version == '12.4(2)T4') flag++; else if (version == '12.4(2)T3') flag++; else if (version == '12.4(2)T2') flag++; else if (version == '12.4(2)T1') flag++; else if (version == '12.4(2)T') flag++; else if (version == '12.4(16)MR2') flag++; else if (version == '12.4(16)MR1') flag++; else if (version == '12.4(23)') flag++; else if (version == '12.4(21a)') flag++; else if (version == '12.4(21)') flag++; else if (version == '12.4(19b)') flag++; else if (version == '12.4(19a)') flag++; else if (version == '12.4(19)') flag++; else if (version == '12.4(18c)') flag++; else if (version == '12.4(18b)') flag++; else if (version == '12.4(18a)') flag++; else if (version == '12.4(18)') flag++; else if (version == '12.4(17b)') flag++; else if (version == '12.4(17a)') flag++; else if (version == '12.4(17)') flag++; else if (version == '12.4(16b)') flag++; else if (version == '12.4(16a)') flag++; else if (version == '12.4(16)') flag++; else if (version == '12.4(13f)') flag++; else if (version == '12.4(13e)') flag++; else if (version == '12.4(13d)') flag++; else if (version == '12.4(13c)') flag++; else if (version == '12.4(13b)') flag++; else if (version == '12.4(13a)') flag++; else if (version == '12.4(13)') flag++; else if (version == '12.4(12c)') flag++; else if (version == '12.4(12b)') flag++; else if (version == '12.4(12a)') flag++; else if (version == '12.4(12)') flag++; else if (version == '12.4(10c)') flag++; else if (version == '12.4(10b)') flag++; else if (version == '12.4(10a)') flag++; else if (version == '12.4(10)') flag++; else if (version == '12.4(8d)') flag++; else if (version == '12.4(8c)') flag++; else if (version == '12.4(8b)') flag++; else if (version == '12.4(8a)') flag++; else if (version == '12.4(8)') flag++; else if (version == '12.4(7h)') flag++; else if (version == '12.4(7g)') flag++; else if (version == '12.4(7f)') flag++; else if (version == '12.4(7e)') flag++; else if (version == '12.4(7d)') flag++; else if (version == '12.4(7c)') flag++; else if (version == '12.4(7b)') flag++; else if (version == '12.4(7a)') flag++; else if (version == '12.4(7)') flag++; else if (version == '12.4(5c)') flag++; else if (version == '12.4(5b)') flag++; else if (version == '12.4(5a)') flag++; else if (version == '12.4(5)') flag++; else if (version == '12.4(3j)') flag++; else if (version == '12.4(3i)') flag++; else if (version == '12.4(3h)') flag++; else if (version == '12.4(3g)') flag++; else if (version == '12.4(3f)') flag++; else if (version == '12.4(3e)') flag++; else if (version == '12.4(3d)') flag++; else if (version == '12.4(3c)') flag++; else if (version == '12.4(3b)') flag++; else if (version == '12.4(3a)') flag++; else if (version == '12.4(3)') flag++; else if (version == '12.4(1c)') flag++; else if (version == '12.4(1b)') flag++; else if (version == '12.4(1a)') flag++; else if (version == '12.4(1)') flag++; else if (version == '12.3(14)YU1') flag++; else if (version == '12.3(14)YU') flag++; else if (version == '12.3(14)YT1') flag++; else if (version == '12.3(14)YT') flag++; else if (version == '12.3(11)YS2') flag++; else if (version == '12.3(14)YQ8') flag++; else if (version == '12.3(14)YQ7') flag++; else if (version == '12.3(14)YQ6') flag++; else if (version == '12.3(14)YQ5') flag++; else if (version == '12.3(14)YQ4') flag++; else if (version == '12.3(14)YQ3') flag++; else if (version == '12.3(14)YQ2') flag++; else if (version == '12.3(14)YQ1') flag++; else if (version == '12.3(14)YQ') flag++; else if (version == '12.3(11)YK2') flag++; else if (version == '12.3(11)YK1') flag++; else if (version == '12.3(11)YK') flag++; else if (version == '12.3(14)T7') flag++; else if (version == '12.3(14)T6') flag++; else if (version == '12.3(14)T5') flag++; else if (version == '12.3(14)T3') flag++; else if (version == '12.3(14)T2') flag++; else if (version == '12.3(14)T1') flag++; else if (version == '12.3(14)T') flag++; if (get_kb_item("Host/local_checks_enabled")) { if (flag) { flag = 0; buf = cisco_command_kb_item("Host/Cisco/Config/show_running-config", "show running-config"); if (check_cisco_result(buf)) { m = eregmatch(pattern:"webvpn gateway([^!]+)!", string:buf); if ( (!isnull(m)) && ("inservice" >< m[1]) && ("ssl" >< m[1]) ) { flag = 1; } } else if (cisco_needs_enable(buf)) { flag = 1; override = 1; } } } if (flag) { security_hole(port:0, extra:cisco_caveat(override)); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

Oval

accepted

2010-06-21T04:00:09.972-04:00

class

vulnerability

contributors

name	Ronald Jones
organization	DTCC

description

attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet.

family

ios

oval:org.mitre.oval:def:6919

status

accepted

submitted

2010-03-26T11:06:36.000-04:00

title

Cisco IOS WebVPN/SSLVPN Multiple Denial of Service Vulnerabilities

version

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Oval

References