Details of VAR-200605-0093

ID

VAR-200605-0093

CVE

CVE-2006-2322

TITLE

Cisco Application Velocity System Open TCP Proxy server function default allocation Input validation vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200605-223

DESCRIPTION

The transparent proxy feature of the Cisco Application Velocity System (AVS) 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143. This software fails to allow only valid TCP ports to be used by remote users. Remote attackers may use the affected software as an open TCP proxy. Attackers have exploited this to send unsolicited commercial email (UCE). Versions of AVS prior to 5.0.1 are vulnerable to this issue. The problem is caused due to insecure default settings allowing anyone to use the device as an open relay to any TCP service able to process data embedded in HTTP POST requests. The security issue affects the following products: * AVS 3110 versions 4.0 and 5.0 (and prior) * AVS 3120 version 5.0.0 (and prior) NOTE: According to Cisco PSIRT, the security issue is actively exploited to send unsolicited commercial e-mails and obscure the true originator. SOLUTION: Update to version 5.0.1. Software for AVS 3110: http://www.cisco.com/pcgi-bin/tablebuild.pl/AVS3110-5.0.1 Software for AVS 3120: http://www.cisco.com/pcgi-bin/tablebuild.pl/AVS3120-5.0.1 PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060510-avs.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2006-2322 // BID: 17937 // VULHUB: VHN-18430 // PACKETSTORM: 46249

AFFECTED PRODUCTS

vendor:	cisco	model:	application velocity system 3110	scope:	eq	version:	4.0	Trust: 1.6
vendor:	cisco	model:	application velocity system 3110	scope:	eq	version:	5.0	Trust: 1.6
vendor:	cisco	model:	application velocity system 3120	scope:	eq	version:	5.0	Trust: 1.6
vendor:	cisco	model:	application velocity system	scope:	eq	version:	31205.0	Trust: 0.3
vendor:	cisco	model:	application velocity system	scope:	eq	version:	31105.0	Trust: 0.3
vendor:	cisco	model:	application velocity system	scope:	eq	version:	31104.0	Trust: 0.3
vendor:	cisco	model:	application velocity system	scope:	ne	version:	31205.0.1	Trust: 0.3
vendor:	cisco	model:	application velocity system	scope:	ne	version:	31105.0.1	Trust: 0.3

sources: BID: 17937 // CNNVD: CNNVD-200605-223 // NVD: CVE-2006-2322

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-2322
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200605-223
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-18430
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-2322
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-18430
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-18430 // CNNVD: CNNVD-200605-223 // NVD: CVE-2006-2322

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-2322

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200605-223

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200605-223

EXTERNAL IDS

db:	BID	id:	17937	Trust: 2.0
db:	SECUNIA	id:	20079	Trust: 1.8
db:	SECTRACK	id:	1016056	Trust: 1.7
db:	VUPEN	id:	ADV-2006-1762	Trust: 1.7
db:	OSVDB	id:	25459	Trust: 1.7
db:	NVD	id:	CVE-2006-2322	Trust: 1.7
db:	CNNVD	id:	CNNVD-200605-223	Trust: 0.7
db:	XF	id:	26351	Trust: 0.6
db:	CISCO	id:	20060510 AVS TCP RELAY VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-18430	Trust: 0.1
db:	PACKETSTORM	id:	46249	Trust: 0.1

sources: VULHUB: VHN-18430 // BID: 17937 // PACKETSTORM: 46249 // CNNVD: CNNVD-200605-223 // NVD: CVE-2006-2322

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20060510-avs.shtml	Trust: 2.1
url:	http://www.securityfocus.com/bid/17937	Trust: 1.7
url:	http://www.osvdb.org/25459	Trust: 1.7
url:	http://securitytracker.com/id?1016056	Trust: 1.7
url:	http://secunia.com/advisories/20079	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/1762	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/26351	Trust: 1.1
url:	http://www.frsirt.com/english/advisories/2006/1762	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/26351	Trust: 0.6
url:	http://www.cisco.com/en/us/products/ps6492/index.html	Trust: 0.3
url:	http://secunia.com/advisories/20079/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://www.cisco.com/pcgi-bin/tablebuild.pl/avs3110-5.0.1	Trust: 0.1
url:	http://secunia.com/product/9889/	Trust: 0.1
url:	http://www.cisco.com/pcgi-bin/tablebuild.pl/avs3120-5.0.1	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/9890/	Trust: 0.1

sources: VULHUB: VHN-18430 // BID: 17937 // PACKETSTORM: 46249 // CNNVD: CNNVD-200605-223 // NVD: CVE-2006-2322

CREDITS

The vendor disclosed this issue.

Trust: 0.9

sources: BID: 17937 // CNNVD: CNNVD-200605-223

SOURCES

db:	VULHUB	id:	VHN-18430
db:	BID	id:	17937
db:	PACKETSTORM	id:	46249
db:	CNNVD	id:	CNNVD-200605-223
db:	NVD	id:	CVE-2006-2322

LAST UPDATE DATE

2024-08-14T13:39:44.970000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-18430	date:	2017-07-20T00:00:00
db:	BID	id:	17937	date:	2006-05-15T17:59:00
db:	CNNVD	id:	CNNVD-200605-223	date:	2006-05-12T00:00:00
db:	NVD	id:	CVE-2006-2322	date:	2017-07-20T01:31:22.507

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-18430	date:	2006-05-12T00:00:00
db:	BID	id:	17937	date:	2006-05-10T00:00:00
db:	PACKETSTORM	id:	46249	date:	2006-05-17T05:39:52
db:	CNNVD	id:	CNNVD-200605-223	date:	2006-05-11T00:00:00
db:	NVD	id:	CVE-2006-2322	date:	2006-05-12T00:02:00