Reported December 15, 2003 by Cisco.
All Cisco PIX Firewall devices that run the following software versions:
CSCeb20276 (SNMPv3) 6.3.1; 6.2.2 and earlier; 6.1.4 and earlier; 5.x.x and earlier.
CSCec20244/CSCea28896 (VPNC) 6.2.3 and earlier (excluding versions 6.1.x and 5.x.x)
Two vulnerabilities in Cisco PIX Firewall devices can result in a Denial of Service (DoS) condition on the vulnerable system. These two vulnerabilities are as follows:
· The Cisco PIX firewall crashes and reloads while processing a received SNMPv3 message when snmp-server host <ip_addr> is configured on the Cisco PIX firewall. This happens even though the Cisco PIX firewall doesn't support SNMPv3.
· Under certain conditions, an established VPNC IPSec tunnel connection drops if another IPSec client attempts to initiate an IKE Phase I negotiation to the outside interface of the VPN Client-configured Cisco PIX Firewall.
Discovered by Cisco.
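To check the two conditions the SNMPv3 item combines (an affected software version and a configured snmp-server host), the following added example audits a saved PIX configuration; it is not Cisco's code. It assumes the configuration header has the form "PIX Version 6.3(1)" and that each "and earlier" range applies within its own release train; the sample configurations are constructed, and the VPNC issue is not covered.

```python
import re

# Affected versions for CSCeb20276 as listed in the advisory:
# 6.3.1; 6.2.2 and earlier; 6.1.4 and earlier; 5.x.x and earlier.
# Assumption: each "and earlier" is bounded to its own release train.
AFFECTED_MAINT = {(6, 3): (1, 1), (6, 2): (0, 2), (6, 1): (0, 4)}

# Assumption: the saved config header looks like "PIX Version 6.3(1)".
VERSION_RE = re.compile(r"^PIX Version (\d+)\.(\d+)\((\d+)\)", re.M)
# Matches "snmp-server host [if_name] <ip_addr> ..."; "no ..." lines do not match.
SNMP_HOST_RE = re.compile(
    r"^snmp-server host[ \t]+(?:\S+[ \t]+)?(\d{1,3}(?:\.\d{1,3}){3})\b", re.M)


def parse_version(config):
    """Return (major, minor, maintenance) or None if no header is found."""
    m = VERSION_RE.search(config)
    return tuple(int(x) for x in m.groups()) if m else None


def version_affected(version):
    """True if the version falls in a range the advisory lists for SNMPv3."""
    major, minor, maint = version
    if major <= 5:
        return True
    lo, hi = AFFECTED_MAINT.get((major, minor), (1, 0))  # (1, 0) = empty range
    return lo <= maint <= hi


def audit(config):
    """Report version, configured SNMP hosts, and whether both conditions hold."""
    version = parse_version(config)
    hosts = SNMP_HOST_RE.findall(config)
    exposed = None if version is None else (version_affected(version) and bool(hosts))
    return {"version": version, "snmp_hosts": hosts, "exposed": exposed}


# Constructed sample configurations (not from real devices).
SAMPLES = {
    "fw-a": "PIX Version 6.3(1)\nhostname fw-a\nsnmp-server host inside 192.0.2.10\n",
    "fw-b": "PIX Version 6.2(2)\nhostname fw-b\nno snmp-server location\n",
    "fw-c": "PIX Version 6.3(3)\nhostname fw-c\nsnmp-server host 192.0.2.10\n",
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, audit(cfg))
```

A result of `exposed: None` means the version header was not found and the device needs a manual check.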