ID
VAR-200608-0067
CVE
CVE-2006-4194
TITLE
Cisco PIX SIP Unauthorized implementation UDP Port forwarding vulnerability
Trust: 0.6
DESCRIPTION
Unspecified vulnerability in Cisco PIX 500 Series Security Appliances allows remote attackers to send arbitrary UDP packets to intranet devices via unspecified vectors involving Session Initiation Protocol (SIP) fixup commands, a different issue than CVE-2006-4032. NOTE: the vendor, after working with the researcher, has been unable to reproduce the issue. Cisco PIX is reportedly prone to an unauthorized UDP port-forwarding vulnerability. Attackers may exploit this issue to forward UDP datagrams to arbitrary hosts protected by affected firewall devices, potentially bypassing firewall rules. This may aid attackers in further attacks against computers protected by affected firewall devices. This BID will be updated as further information becomes available
Trust: 1.26
AFFECTED PRODUCTS
| vendor: | cisco | model: | pix firewall software | scope: | eq | version: | 6.3 | Trust: 1.6 |
| vendor: | cisco | model: | pix firewall 506 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | cisco | model: | pix firewall 520 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | cisco | model: | pix firewall 525 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | cisco | model: | pix firewall 535 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | cisco | model: | pix firewall 501 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | cisco | model: | pix firewall 515 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | cisco | model: | pix firewall 515e | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | cisco | model: | pix firewall 515e | scope: | - | version: | - | Trust: 0.9 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.3 | Trust: 0.9 |
| vendor: | cisco | model: | pix firewall 506 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | pix firewall 535 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | pix firewall 501 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | pix firewall 515 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | pix firewall 520 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | pix firewall 525 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5350 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5256.3 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 525 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 520 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 515 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5060 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5010 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.3.5(112) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.3.3(133) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.3.2 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.3.1 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.3(5) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.3(3.109) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.3(3.102) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.3(3) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.3(1) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2.3(110) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2.3 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2.2.111 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2.2 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2.1 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2(3.100) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2(3) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2(2) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2(1) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.2 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1.5(104) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1.5 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1.4 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1.3 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1(5) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1(4) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1(3) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1(2) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1(1) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.1 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.0.4 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.0.3 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.0(4.101) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.0(4) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.0(2) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.0(1) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 6.0 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.3(3) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.3(2) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.3(1.200) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.3(1) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.3 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.2(9) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.2(7) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.2(6) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.2(5) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.2(3.210) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.2(2) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.2(1) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.2 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.1.4 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.1(4.206) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.1 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 4.4(8) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 4.4(7.202) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 4.4(4) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 4.4 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 4.3 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 4.2.2 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 4.2.1 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 4.2(5) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 4.2 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall b | scope: | eq | version: | 4.1.6 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 4.1.6 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 3.1 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 3.0 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 2.7 | Trust: 0.3 |
| vendor: | cisco | model: | gigabit switch router del | scope: | eq | version: | 6.1 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Design Error
Trust: 0.9
EXTERNAL IDS
| db: | BID | id: | 19536 | Trust: 2.0 |
| db: | NVD | id: | CVE-2006-4194 | Trust: 1.7 |
| db: | OSVDB | id: | 29781 | Trust: 1.7 |
| db: | CNNVD | id: | CNNVD-200608-265 | Trust: 0.7 |
| db: | CISCO | id: | 20060815 UNCONFIRMED SIP INSPECTION VULNERABILITY | Trust: 0.6 |
| db: | VULHUB | id: | VHN-20302 | Trust: 0.1 |
REFERENCES
| url: | http://www.cisco.com/en/us/products/hw/vpndevc/ps2030/tsd_products_security_response09186a008070d33b.html | Trust: 2.0 |
| url: | http://www.securityfocus.com/bid/19536 | Trust: 1.7 |
| url: | http://www.idoel.smilejogja.com/2006/08/14/blinded-by-the-glare-of-facial-piercings-at-black-hat-or-the-one-that-got-away/ | Trust: 1.7 |
| url: | http://www.networkworld.com/news/2006/080406-black-hat-unpatched-flaw-revealed.html?t5 | Trust: 1.7 |
| url: | http://www.osvdb.org/29781 | Trust: 1.7 |
| url: | http://searchsecurity.techtarget.com/originalcontent/0%2c289142%2csid14_gci1207450%2c00.html | Trust: 1.0 |
| url: | http://searchsecurity.techtarget.com/originalcontent/0,289142,sid14_gci1207450,00.html | Trust: 0.7 |
| url: | http://www.cisco.com/en/us/products/sw/secursw/ps2120/index.html | Trust: 0.3 |
CREDITS
Hendrik Scholz discovered this issue.
Trust: 0.9
SOURCES
| db: | VULHUB | id: | VHN-20302 |
| db: | BID | id: | 19536 |
| db: | CNNVD | id: | CNNVD-200608-265 |
| db: | NVD | id: | CVE-2006-4194 |
LAST UPDATE DATE
2024-08-14T14:08:27.366000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-20302 | date: | 2018-10-30T00:00:00 |
| db: | BID | id: | 19536 | date: | 2006-08-16T17:50:00 |
| db: | CNNVD | id: | CNNVD-200608-265 | date: | 2006-08-24T00:00:00 |
| db: | NVD | id: | CVE-2006-4194 | date: | 2024-08-07T19:15:42.793 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-20302 | date: | 2006-08-17T00:00:00 |
| db: | BID | id: | 19536 | date: | 2006-08-04T00:00:00 |
| db: | CNNVD | id: | CNNVD-200608-265 | date: | 2006-08-16T00:00:00 |
| db: | NVD | id: | CVE-2006-4194 | date: | 2006-08-17T01:04:00 |