Cisco Systems Inc. on Wednesday published a security advisory warning that its VPN Concentrator 3000 may be vulnerable to a denial-of-service (DoS) attack.
The flaw, which has been categorized as "less critical" by third-party security information provider Secunia, may be exploited by malicious users by sending a specially crafted Secure Sockets Layer (SSL) attack to the concentrators, which could in turn force the device to reload or drop user connections.
Several 3000 series models are affected, including 3005, 3015, 3020, 3030, 3060 and 3080, as well as the Cisco VPN 3002 Hardware Client.
According to the networking giant, the vulnerability can be resolved by upgrading to software version 4.1.7.B or later.
Additionally, the issue can be mitigated by disabling HTTPS, or by blocking SSL connections to a concentrator using transit access control lists.