Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Vpn_3000_concentrator_series_software | Cisco | 4.7 (including) | 4.7 (including) |
| Vpn_3000_concentrator_series_software | Cisco | 4.7(rel) (including) | 4.7(rel) (including) |
| Vpn_3000_concentrator_series_software | Cisco | 4.7.1 (including) | 4.7.1 (including) |
| Vpn_3000_concentrator_series_software | Cisco | 4.7.1.f (including) | 4.7.1.f (including) |
| Vpn_3000_concentrator_series_software | Cisco | 4.7.2 (including) | 4.7.2 (including) |
| Vpn_3000_concentrator_series_software | Cisco | 4.7.2.a (including) | 4.7.2.a (including) |
| Vpn_3030_concentator | Cisco | 4.7(rel) (including) | 4.7(rel) (including) |
| Vpn_3030_concentator | Cisco | 4.7.1 (including) | 4.7.1 (including) |
| Vpn_3030_concentator | Cisco | 4.7.1.f (including) | 4.7.1.f (including) |
| Vpn_3030_concentator | Cisco | 4.7.2 (including) | 4.7.2 (including) |
| Vpn_3030_concentator | Cisco | 4.7.2.a (including) | 4.7.2.a (including) |
References
- http://secunia.com/advisories/18629
- http://securityreason.com/securityalert/375
- http://securitytracker.com/id?1015546
- http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml
- http://www.osvdb.org/22754
- http://www.securityfocus.com/bid/16394
- http://www.vupen.com/english/advisories/2006/0346
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24330
- http://secunia.com/advisories/18629
- http://securityreason.com/securityalert/375
- http://securitytracker.com/id?1015546
- http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml
- http://www.osvdb.org/22754
- http://www.securityfocus.com/bid/16394
- http://www.vupen.com/english/advisories/2006/0346
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24330