VID 29030
Severity 30
Port 161
Protocol UDP
Class CISCO
Detailed Description The Cisco VPN concentrator has a LAN-to-LAN IPsec tunnel vulnerability (Cisco bug ID CSCdx54675). This vulnerability can be exploited to cause a denial of service.
The Cisco VPN 3000 series concentrator does not drop an incoming LAN-to-LAN connection even when it already has a security association for the same remote network with another device. Instead, it disconnects the previously established connection and establishes a connection with the new device. The VPN concentrator also does not verify whether the data coming across a LAN-to-LAN connection is being sourced from the correct network.

* Note: This check relies solely on the version number of the remote system to assess this vulnerability, so the result might be a false positive. This check also requires an SNMP community string with read access to collect the version number. To provide this access, add the valid community string to the check item "snmp/guessable/r" in the Policy Editor.

* References:
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml

* Platforms Affected:
Cisco VPN 3000 series concentrator earlier than 3.5.4
Cisco VPN 3000 series concentrator 3.1.x
Cisco VPN 3000 series concentrator 3.0.x
Cisco VPN 3000 series concentrator 2.x.x
Recommendation Upgrade to the Cisco VPN 3000 series concentrator version 3.5.4 or later, and 3.6(Rel) or later. Upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com/kobayashi/sw-center/vpn/3000/ .

For details, see http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml