| VID |
29032 |
| Severity |
30 |
| Port |
161 |
| Protocol |
UDP |
| Class |
CISCO |
| Detailed Description |
The CISCO VPN concentrator has a Windows PPTP client vulnerability (Cisco bug ID CSCdv66718). This vulnerability can be exploited to initiate a DOS attack.
Windows native PPTP clients connecting with the "No Encryption" option set can cause the Cisco VPN 3000 series concentrator, with encryption set, to reload.
* Note: This check solely relied on the version number of the remote system to assess this vulnerability, so this might be a false positive. This check also requires a read access SNMP community string to collect the version number. To provide this access, add the valid community string to the check item, "snmp/guessable/r" from the Policy Editor.
* References:
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
* Platforms Affected:
Cisco VPN 3000 series concentrator earlier than 2.5.2(F) |
| Recommendation |
Upgrade to the following fixed versions. These upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com/kobayashi/sw-center/vpn/3000/ :
3.6(Rel) or later
3.5(Rel) or later
3.1(Rel) or later
3.0(Rel) or later
2.5.2(F) or later
As a workaround, If possible configure the VPN 3000 series concentrator for IPSEC support only.
For details, see http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
