[Original text] Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall.
Cisco PIX VPNC External Interface IKE Phase 1 Packet Remote DoS
Remote / Network Access
Denial of Service
Loss of Availability
Cisco PIX version 6.2.3 contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker attempts to establish an IKE Phase I negotiation with the vulnerable client. This causes the client to drop an existing VPNC IPSec tunnel connection, resulting in a denial of service for the existing IPSec session.
Upgrade to the latest version for your device, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.