| VID |
29049 |
| Severity |
20 |
| Port |
161 |
| Protocol |
UDP |
| Class |
CISCO |
| Detailed Description |
The CISCO VPN concentrator has the user passwords disclosure vulnerability(CISCO Bug ID CSCdv88230, CSCdw22408). This vulnerability can allow unintended disclosure of passwords on non administrative user accessed HTML pages. On password containing HTML pages for the Cisco VPN 3000 series concentrator it is possible for restricted access administrative users to observe the password in clear text upon viewing the source of the web page without having the appropriate level of administrative access.
* Note: This check solely relied on the version number of the remote system to assess this vulnerability, so this might be a false positive. Also, it requires a read access SNMP community string to collect the version number. To provide this access, add the valid community string to the check item, "snmp/guessable/r" from the Policy Editor.
* References:
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
http://www.ciac.org/ciac/bulletins/m-119.shtml
* Platforms Affected:
Cisco VPN 3000 series concentrator 2.x.x
Cisco VPN 3000 series concentrator 3.0.x
Cisco VPN 3000 series concentrator prior to 3.1.4
Cisco VPN 3000 series concentrator prior to 3.5.1 |
| Recommendation |
Upgrade to the latest software version of Cisco VPN 3000 series concentrator (3.6(Rel) or later), (3.5.1 or later), or (3.1.4 or later). Upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com/kobayashi/sw-center/vpn/3000/ .
As a workaround, restrict access to the HTML interface such that connections are permitted only from trusted sources.
For details, see http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml . |
| Related URL |
CVE-2002-1096 (CVE) |
| Related URL |
5609,5611 (SecurityFocus) |
| Related URL |
10019 (ISS) |
|
