| VID |
29067 |
| Severity |
30 |
| Port |
161 |
| Protocol |
UDP |
| Class |
CISCO |
| Detailed Description |
The Cisco VPN 3000 series concentrator has multiple vulnerabilities in the XML filter and Web interfaces like the followings:
1. XML public rule vulnerability (Bug ID CSCdx07754) - If the XML filter configuration has been enabled, the "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule is added to the public filter and protocol value is incorrectly set to "ANY" with the destination port set as "443". This can allow a remote attacker to gain unauthorized access to the network since the concentrator will then permit any protocol to access the concentrator through any port.
2. HTML pages access vulnerability (Bug ID CSCdx24622) - The affected device allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages.
3. HTML login processing vulnerability (Bug ID CSCdx24632) - It is possible to cause the affected device to reload by modifying an HTML file and posting very large strings as the username/password while accessing the HTML interface on the VPN concentrator.
* Note: This check solely relied on the version number of the remote system to assess this vulnerability, so this might be a false positive. Also, it requires a read access SNMP community string to collect the version number. To provide this access, add the valid community string to the check item, "snmp/guessable/r" from the Policy Editor.
* References:
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
http://www.ciac.org/ciac/bulletins/m-119.shtml
* Platforms Affected:
Cisco VPN 3000 series concentrator release earlier than 3.5.3
Cisco VPN 3000 series concentrator release 3.1.x
Cisco VPN 3000 series concentrator release 3.0.x
Cisco VPN 3000 series concentrator release 2.x.x |
| Recommendation |
Upgrade to the latest version of Cisco VPN concentrator (3.6(Rel) or 3.5.3 and later). Upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com/kobayashi/sw-center/vpn/3000/ .
For detail descriptions and workarounds, see http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml |
| Related URL |
CVE-2002-1098,CVE-2002-1099,CVE-2002-1100 (CVE) |
| Related URL |
5609,5614,5616,5617 (SecurityFocus) |
| Related URL |
10023,10024,10025 (ISS) |
|
