| VID |
29050 |
| Severity |
20 |
| Port |
161 |
| Protocol |
UDP |
| Class |
CISCO |
| Detailed Description |
The Cisco VPN concentrator has a certificate password disclosure vulnerability(CISCO Bug ID CSCdw50657). This vulnerability can allow unintended disclosure of passwords on an administrative user accessed HTML page. On the Certificate Management HTML pages for the Cisco VPN 3000 series concentrator it is possible for administrative users to observe the unencrypted certificate password in clear text upon viewing the source of the web page.
* Note: This check solely relied on the version number of the remote system to assess this vulnerability, so this might be a false positive. Also, it requires a read access SNMP community string to collect the version number. To provide this access, add the valid community string to the check item, "snmp/guessable/r" from the Policy Editor.
* References:
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
http://www.ciac.org/ciac/bulletins/m-119.shtml
* Platforms Affected:
Cisco VPN 3000 series concentrator 2.x.x, 3.0.x, 3.1.x, and the earlier than 3.5.2 |
| Recommendation |
Upgrade to the Cisco VPN 3000 series concentrator version 3.6(Rel) or later, or 3.5.2 or later. Upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com/kobayashi/sw-center/vpn/3000/ .
As a workaround, restrict access to the HTML interface such that connections are permitted only from trusted sources.
For details, see http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml . |
| Related URL |
CVE-2002-1097 (CVE) |
| Related URL |
5609,5612 (SecurityFocus) |
| Related URL |
10022 (ISS) |
|
