SecurityTeam US - Cisco VPN Concentrator 3000 Series HTTPS Packet Denial of Service


	Contribute : Advanced Search : Web Resources : Polls : File Repository

Poll
What would you like to see on SecurityTeamUS? More News Product Reviews HowTo's Custom RPM/Packages/Tools Other (Please leave comment) Results 96 votes \| 0 comments

Topics
Home Apache Apple Application Software Cisco Systems Database Servers Internet Explorer Linux Macromedia Microsoft Mozilla/Firefox Phishing/ID Theft Real Networks Security News Sun Microsystems Web Appliances/Devices Web Scripts Wi-Fi

Virus Alerts
17 Apr 2011 Troj/Mdrop-DKE 17 Apr 2011 Troj/Sasfis-O 17 Apr 2011 Troj/Keygen-FU 17 Apr 2011 Troj/Zbot-AOY 17 Apr 2011 Troj/Zbot-AOW 17 Apr 2011 W32/Womble-E 17 Apr 2011 Troj/VB-FGD 17 Apr 2011 Troj/FakeAV-DFF 17 Apr 2011 Troj/SWFLdr-W 17 Apr 2011 W32/RorpiaMem-A

Events
There are no upcoming events

Welcome to SecurityTeam US
Monday, February 06 2012 @ 11:59 AM EST

Cisco VPN Concentrator 3000 Series HTTPS Packet Denial of Service

Wednesday, April 06 2005 @ 11:11 PM EDT

A vulnerability has been reported in Cisco VPN Concentrator 3000 Series, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error within the SSL handling and can be exploited to cause a vulnerable device to reload and/or drop user connections by sending specially crafted HTTPS packets to the device.

Successful exploitation requires that the HTTPS service is enabled (not enabled by default) and can be accessed by the malicious person.

The vulnerability affects devices running software version 4.1.7.A and prior.

OPERATING SYSTEM:
Cisco VPN 3002 Hardware Client 4.x
Cisco VPN 3002 Hardware Client 3.x
Cisco VPN 3000 Concentrator

SOLUTION:
Update to software version 4.1.7.B or later.

Only trusted hosts and network management workstations should be able
to access the HTTPS web management interface.

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml

VERIFY ADVISORY:
http://secunia.com/advisories/14784/

Secunia Security Advisories

What's Related
http://www.cisco.com/wa... http://secunia.com/advi... More from Cisco Systems

Story Options
Mail Story to a Friend Printable Story Format

Cisco VPN Concentrator 3000 Series HTTPS Packet Denial of Service | 0 comments | Create New Account

The following comments are owned by whomever posted them. This site is not responsible for what they say.

Dedicated Servers
Created this page in 0.15 seconds