Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack (cisco-sa-20060126-vpn) (CSCsd26340)





General Info


TC: 12030
Description: The Cisco VPN 3000 series concentrators are a family of purpose-built, remote access Virtual Private Network (VPN) platforms for data encryption and authentication.

The concentrator does not manage TCP connections to port 80 aggressively enough, leading to a scenario where memory and other resources are consumed with open connections. In specific scenarios, the concentrator will stall and drop user connections. The device must then be restarted via console access or by resetting power on the device. Alternatively, the device will recover automatically within about 20 minutes; during this time, however, the device is unavailable except via console access.

The vulnerability affects devices running software version:
4.7.X < 4.7.2.F.
4.1.X < 4.1.7.L.
TC Impact: Gather Info
Service: snmp



Specific Operations and Actions:


Vulnerability Publication: January 26, 2006
Advisory Copyright: Cisco Systems, Inc.
Summary: The concentrator does not manage TCP connections to port 80 aggressively enough, leading to a scenario where memory and other resources are consumed with open connections.
Risk: High
CVSS 2.0 metrics: Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Complete
CVSS 2.0 Base Score: 7.8
Vulnerability Impact: Denial of Service
Attack
Crash
Host Impact: Causes the device to halt and drop user connections. Consumes memory and other resources.
Nature of Remediation: Upgrade VPN Concentrator.
Steps required to fix the reported vulnerability:

***** Solution type: Upgrade Software *****

Obtain and install the appropriate release of the VPN Concentrator software.

See references for more details.



Glossary and References:


References:
* CISCO: 20060126 Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack
http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml
* BID: 16394
http://www.securityfocus.com/bid/16394
* FRSIRT: ADV-2006-0346
http://www.frsirt.com/english/advisories/2006/0346
* OSVDB: 22754
http://www.osvdb.org/22754
* SECTRACK: 1015546
http://securitytracker.com/id?1015546
* SECUNIA: 18629
http://secunia.com/advisories/18629
* SREASON: 375
http://securityreason.com/securityalert/375
* XF: cisco-vpn-http-dos(24330)
http://xforce.iss.net/xforce/xfdb/24330

CVE Link: CVE-2006-0483

Glossary: CISCO
Crash
Denial of Service
HTTP
HTTPS
IOS
Memory Exhaustion
SNMP
Web browser


© 2003-2010 NexantiS Corporation (www.securescout.com)
SecureScout is a trademark of NexantiS
All Rights Reserved
All product names referenced herein are trademarks of their respective companies
