VID 29044
Severity 30
Port 80, ...
Protocol TCP
Class CISCO
Detailed Description The Cisco VPN 3000 series concentrator has multiple vulnerabilities. These vulnerabilities are documented as Cisco bug ID CSCea77143 (IPSec over TCP), CSCdz15393 (SSH), and CSCdt84906 (ICMP).

1. CSCea77143 - Enabling IPSec over TCP for a port on the VPN 3000 series concentrator allows TCP traffic on that port to traverse through the concentrator and reach the private network.
2. CSCdz15393 - A malformed SSH initialization packet sent during the initial SSH session setup may reload the VPN 3000 series concentrator.
3. CSCdt84906 - A flood of malformed ICMP packets could result in performance degradation on the VPN 3000 series concentrator and may even cause the concentrator to reload.

* Note: This check relies solely on the version number of the remote system to assess this vulnerability, so it may produce a false positive. It also requires an SNMP community string with read access to collect the version number. To provide this access, add the valid community string to the check item "snmp/guessable/r" in the Policy Editor.

* References:
http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml
http://www.ciac.org/ciac/bulletins/n-093.shtml

* Platforms Affected:
2.x.x
3.x.x prior to 3.6.7F
4.x.x prior to 4.0.1
Recommendation Upgrade to the latest version of VPN 3000 series concentrator (4.0.1 or 3.6.7F and later). Upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com/tacpage/sw-center/vpn/3000/ .

Workarounds:
For CSCea77143:
Add rules to the filter for the private interface that restrict outgoing traffic on the ports configured for IPSec over TCP on the VPN concentrator. This does not stop traffic from the public network from reaching the VPN 3000 concentrator itself, but it prevents that traffic from reaching servers on the private network.

For CSCdz15393:
Restrict access to the SSH server on the VPN 3000 series concentrator by applying appropriate rules to the interface filters so that connections are permitted only from trusted client hosts.

For CSCdt84906:
Only allow legitimate ICMP traffic to reach the VPN 3000 series concentrator's interface.

For details, see http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml
Related URL CVE-2003-0258,CVE-2003-0259,CVE-2003-0260 (CVE)
Related URL (SecurityFocus)
Related URL 11954,11955,11956 (ISS)