Vulnerabilities > CVE-2010-2836 - Resource Management Errors vulnerability in Cisco IOS
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections that remain in the CLOSE-WAIT state, aka Bug ID CSCtg21685.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
| NASL family | CISCO |
| NASL id | CISCO-SA-20100922-SSLVPN.NASL |
| description | Cisco IOS Software contains a vulnerability when the Cisco IOS SSL VPN feature is configured with an HTTP redirect. Exploitation could allow a remote, unauthenticated user to cause a memory leak on the affected devices, that could result in a memory exhaustion condition that may cause device reloads, the inability to service new TCP connections, and other denial of service (DoS) conditions. Cisco has released free software updates that address this vulnerability. There is a workaround to mitigate this vulnerability. |
| last seen | 2019-10-28 |
| modified | 2012-01-10 |
| plugin id | 17785 |
| published | 2012-01-10 |
| reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/17785 |
| title | Cisco IOS SSL VPN Vulnerability (cisco-sa-20100922-sslvpn) |