ID

VAR-200601-0023


CVE

CVE-2006-0483


TITLE

Cisco VPN 3000 series concentrator Service disruption in software (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2006-003856

DESCRIPTION

Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet. A successful attack can cause the device to hang, completely denying further service to legitimate users. Cisco has documented this issue as Bug IDs CSCsb77324 and CSCsd26340. The vulnerability is caused due to an error when processing HTTP packets. Successful exploitation requires that the HTTP service is enabled (default setting). The vulnerability has been reported in software versions 4.7.0 through 4.7.2.A (including version 4.7REL). Software versions prior to 4.7.x are not affected. SOLUTION: Update to software version 4.7.2.B or later. http://www.cisco.com/pcgi-bin/tablebuild.pl/vpn3000-3des Disable the HTTP service. PROVIDED AND/OR DISCOVERED BY: Discussed at the Schmoocon security conference. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-0483 // JVNDB: JVNDB-2006-003856 // BID: 16394 // VULHUB: VHN-16591 // PACKETSTORM: 43446

AFFECTED PRODUCTS

vendor:ciscomodel:vpn 3030 concentatorscope:eqversion:4.7.1.f

Trust: 1.6

vendor:ciscomodel:vpn 3030 concentatorscope:eqversion:4.7.2.a

Trust: 1.6

vendor:ciscomodel:vpn 3030 concentatorscope:eqversion:4.7.2

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:4.7\(rel\)

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:4.7.2

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:4.7.1.f

Trust: 1.0

vendor:ciscomodel:vpn 3030 concentatorscope:eqversion:4.7.1

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:4.7.2.a

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:4.7.1

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:4.7

Trust: 1.0

vendor:ciscomodel:vpn 3030 concentatorscope:eqversion:4.7\(rel\)

Trust: 1.0

vendor:ciscomodel:vpn 3005 concentratorscope:eqversion:4.7.0 to 4.7.2.a

Trust: 0.8

vendor:ciscomodel:vpn 3015 concentratorscope:eqversion:4.7.0 to 4.7.2.a

Trust: 0.8

vendor:ciscomodel:vpn 3020 concentratorscope:eqversion:4.7.0 to 4.7.2.a

Trust: 0.8

vendor:ciscomodel:vpn 3030 concentatorscope:eqversion:4.7.0 to 4.7.2.a

Trust: 0.8

vendor:ciscomodel:vpn 3060 concentratorscope:eqversion:4.7.0 to 4.7.2.a

Trust: 0.8

vendor:ciscomodel:vpn 3080 concentratorscope:eqversion:4.7.0 to 4.7.2.a

Trust: 0.8

vendor:ciscomodel:vpn 3060 concentratorscope:eqversion:4.7\(rel\)

Trust: 0.6

vendor:ciscomodel:vpn 3080 concentratorscope:eqversion:4.7.2.a

Trust: 0.6

vendor:ciscomodel:vpn 3060 concentratorscope:eqversion:4.7.2

Trust: 0.6

vendor:ciscomodel:vpn 3060 concentratorscope:eqversion:4.7.1

Trust: 0.6

vendor:ciscomodel:vpn 3060 concentratorscope:eqversion:4.7.1.f

Trust: 0.6

vendor:ciscomodel:vpn 3015 concentratorscope:eqversion:4.7.2

Trust: 0.6

vendor:ciscomodel:vpn 3060 concentratorscope:eqversion:4.7

Trust: 0.6

vendor:ciscomodel:vpn 3005 concentratorscope:eqversion:4.7

Trust: 0.6

vendor:ciscomodel:vpn concentrator ascope:eqversion:30804.7.2

Trust: 0.3

vendor:ciscomodel:vpn concentrator fscope:eqversion:30804.7.1

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30804.7.1

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30804.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator relscope:eqversion:30804.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator ascope:eqversion:30604.7.2

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30604.7.2

Trust: 0.3

vendor:ciscomodel:vpn concentrator fscope:eqversion:30604.7.1

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30604.7.1

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30604.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator relscope:eqversion:30604.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator ascope:eqversion:30304.7.2

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30304.7.2

Trust: 0.3

vendor:ciscomodel:vpn concentrator fscope:eqversion:30304.7.1

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30304.7.1

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30304.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator relscope:eqversion:30304.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator ascope:eqversion:30204.7.2

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30204.7.2

Trust: 0.3

vendor:ciscomodel:vpn concentrator fscope:eqversion:30204.7.1

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30204.7.1

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30204.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator relscope:eqversion:30204.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator ascope:eqversion:30154.7.2

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30154.7.2

Trust: 0.3

vendor:ciscomodel:vpn concentrator fscope:eqversion:30154.7.1

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30154.7.1

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30154.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator relscope:eqversion:30154.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator ascope:eqversion:30054.7.2

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30054.7.2

Trust: 0.3

vendor:ciscomodel:vpn concentrator fscope:eqversion:30054.7.1

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30054.7.1

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30054.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator relscope:eqversion:30054.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator fscope:neversion:30804.7.2

Trust: 0.3

vendor:ciscomodel:vpn concentrator lscope:neversion:30804.1.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator fscope:neversion:30304.7.2

Trust: 0.3

vendor:ciscomodel:vpn concentrator lscope:neversion:30304.1.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator fscope:neversion:30204.7.2

Trust: 0.3

vendor:ciscomodel:vpn concentrator lscope:neversion:30204.1.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator fscope:neversion:30154.7.2

Trust: 0.3

vendor:ciscomodel:vpn concentrator lscope:neversion:30154.1.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator fscope:neversion:30054.7.2

Trust: 0.3

vendor:ciscomodel:vpn concentrator lscope:neversion:30054.1.7

Trust: 0.3

sources: BID: 16394 // JVNDB: JVNDB-2006-003856 // CNNVD: CNNVD-200601-387 // NVD: CVE-2006-0483

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0483
value: HIGH

Trust: 1.0

NVD: CVE-2006-0483
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200601-387
value: HIGH

Trust: 0.6

VULHUB: VHN-16591
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-0483
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-16591
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-16591 // JVNDB: JVNDB-2006-003856 // CNNVD: CNNVD-200601-387 // NVD: CVE-2006-0483

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0483

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200601-387

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200601-387

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-003856

PATCH

title:cisco-sa-20060126-vpn.shtmlurl:http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml

Trust: 0.8

title:18629url:http://secunia.com/advisories/18629

Trust: 0.8

sources: JVNDB: JVNDB-2006-003856

EXTERNAL IDS

db:NVDid:CVE-2006-0483

Trust: 2.5

db:BIDid:16394

Trust: 2.0

db:SECUNIAid:18629

Trust: 1.8

db:VUPENid:ADV-2006-0346

Trust: 1.7

db:SECTRACKid:1015546

Trust: 1.7

db:SREASONid:375

Trust: 1.7

db:OSVDBid:22754

Trust: 1.7

db:JVNDBid:JVNDB-2006-003856

Trust: 0.8

db:CNNVDid:CNNVD-200601-387

Trust: 0.7

db:CISCOid:20060126 CISCO VPN 3000 CONCENTRATOR VULNERABLE TO CRAFTED HTTP ATTACK

Trust: 0.6

db:XFid:24330

Trust: 0.6

db:VULHUBid:VHN-16591

Trust: 0.1

db:PACKETSTORMid:43446

Trust: 0.1

sources: VULHUB: VHN-16591 // BID: 16394 // JVNDB: JVNDB-2006-003856 // PACKETSTORM: 43446 // CNNVD: CNNVD-200601-387 // NVD: CVE-2006-0483

REFERENCES

url:http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml

Trust: 2.1

url:http://www.securityfocus.com/bid/16394

Trust: 1.7

url:http://www.osvdb.org/22754

Trust: 1.7

url:http://securitytracker.com/id?1015546

Trust: 1.7

url:http://secunia.com/advisories/18629

Trust: 1.7

url:http://securityreason.com/securityalert/375

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/0346

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24330

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0483

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-0483

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2006/0346

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/24330

Trust: 0.6

url:http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html

Trust: 0.3

url:http://www.esentire.com/news/vuln-cisco-vpn.html

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/90/

Trust: 0.1

url:http://secunia.com/advisories/18629/

Trust: 0.1

url:http://www.cisco.com/pcgi-bin/tablebuild.pl/vpn3000-3des

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-16591 // BID: 16394 // JVNDB: JVNDB-2006-003856 // PACKETSTORM: 43446 // CNNVD: CNNVD-200601-387 // NVD: CVE-2006-0483

CREDITS

Discovered by Eldon Sprickerhoff <eldons@eSentire.com>.

Trust: 0.9

sources: BID: 16394 // CNNVD: CNNVD-200601-387

SOURCES

db:VULHUBid:VHN-16591
db:BIDid:16394
db:JVNDBid:JVNDB-2006-003856
db:PACKETSTORMid:43446
db:CNNVDid:CNNVD-200601-387
db:NVDid:CVE-2006-0483

LAST UPDATE DATE

2024-11-23T22:32:30.876000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-16591date:2018-10-30T00:00:00
db:BIDid:16394date:2006-04-26T22:41:00
db:JVNDBid:JVNDB-2006-003856date:2014-03-11T00:00:00
db:CNNVDid:CNNVD-200601-387date:2006-02-13T00:00:00
db:NVDid:CVE-2006-0483date:2024-11-21T00:06:34.030

SOURCES RELEASE DATE

db:VULHUBid:VHN-16591date:2006-01-31T00:00:00
db:BIDid:16394date:2006-01-26T00:00:00
db:JVNDBid:JVNDB-2006-003856date:2014-03-11T00:00:00
db:PACKETSTORMid:43446date:2006-01-27T18:55:10
db:CNNVDid:CNNVD-200601-387date:2006-01-31T00:00:00
db:NVDid:CVE-2006-0483date:2006-01-31T20:03:00