VID 29041
Severity 40
Port 161
Protocol UDP
Class CISCO
Detailed Description The Cisco VPN concentrator has a telnet option handling vulnerability (Cisco Bug ID CSCdu82823) that can be exploited to cause a denial of service. Cisco VPN 3000 series concentrators run telnet daemon code derived from the BSD source and are vulnerable to a buffer overflow in the telnet option handling, which can cause the telnet daemon to crash and the VPN concentrator to reload. Telnet is not permitted on the public interface of the VPN concentrator in the default configuration and is never permitted on the public interface of the VPN 3002 Hardware Client.

* Note: This check relies solely on the version number of the remote system to assess this vulnerability, so the result might be a false positive. The check also requires an SNMP community string with read access to collect the version number. To provide this access, add the valid community string to the check item "snmp/guessable/r" from the Policy Editor.

* References:
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
http://www.cert.org/advisories/CA-2001-21.html

* Platforms Affected:
Cisco VPN 3000 series concentrator: 2.x.x and versions earlier than 3.0.4
Recommendation Upgrade the Cisco VPN 3000 series concentrator to version 3.6(Rel) or later, 3.5(Rel) or later, 3.1(Rel) or later, or 3.0.4 or later. Upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com/kobayashi/sw-center/vpn/3000/ .

As a workaround, restrict access to the telnet interface so that connections are permitted only from trusted sources.

For details, see http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml .
Related URL CVE-2001-0554 (CVE)
Related URL 3064 (SecurityFocus)
Related URL 6875 (ISS)