Info

Disclosure

Mar 30, 2005

Discovery

Unknown

Dates

Exploit

Mar 30, 2005

Solution

Unknown

Description

Cisco 3000 series VPN conentrators contains a flaw that may allow a remote denial of service. The issue is triggered when a user sends specially crafted SSL requests to the concentrator, and will result in loss of availability for the concentrator.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version prior to 4.1.7.B or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Disable HTTPS access to the device and/or implement access control lists, to limit HTTPS access to the device.

Products

Cisco Systems, Inc.	VPN 3000 series	4.0x
		4.1.7A
		4.1.7
		4.1

References

Bugtraq ID: 12948
Other Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml
ISS X-Force ID: 19903
Secunia Advisory ID: 14784
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-03/0899.html
CVE ID: 2005-0943 (see also: NVD)
Security Tracker: 1013609
Keyword: CSCeg11424

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Cisco Systems, Inc.

VPN 3000 series

References

Credit