VID 29069
Severity 30
Port 161
Protocol UDP
Class CISCO
Detailed Description The Cisco VPN concentrator has an internal authentication login vulnerability affecting PPTP and IPSEC (Cisco Bug ID CSCdt56514). This vulnerability can allow unintended access to the network serviced by the VPN 3000 series concentrator. If a Cisco VPN 3000 series concentrator is set up for internal authentication with only group accounts configured and no user accounts configured, then a remote VPN client using Point-to-Point Tunneling Protocol (PPTP) or Internet Protocol Security (IPSEC) authentication can use another client's group username and password to authenticate to the VPN concentrator and gain unauthorized access to the network.

* Note: This check relies solely on the version number of the remote system to assess this vulnerability, so the result might be a false positive. It also requires an SNMP community string with read access to collect the version number. To provide this access, add the valid community string to the check item "snmp/guessable/r" in the Policy Editor.

* References:
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml

* Platforms Affected:
VPN 3000 series concentrator 3.6(Rel)
VPN 3000 series concentrator 3.5(Rel) to 3.5.4
VPN 3000 series concentrator versions earlier than 3.1.2
VPN 3000 series concentrator versions earlier than 3.0.3(B)
VPN 3000 series concentrator 2.x.x
Recommendation Upgrade to a fixed version of the Cisco VPN concentrator, as listed below:
- 3.6.1 or later
- 3.5.5 or later
- 3.1.2 or later for 3.1.x releases
- 3.0.3(B) or later for 3.0.x releases

Upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com/kobayashi/sw-center/vpn/3000/ .

As a workaround, use external authentication like TACACS+ or RADIUS if possible.

For details, see http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Related URL CVE-2002-1092 (CVE)
Related URL 5609,5613 (SecurityFocus)
Related URL 10019,10020,10021,10022,10023,10024,10025,10026,10027,10028 (ISS)