The transparent proxy feature of the Cisco Application Velocity System (AVS) 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Application_velocity_system_3110 | Cisco | 4.0 (including) | 4.0 (including) |
| Application_velocity_system_3110 | Cisco | 5.0 (including) | 5.0 (including) |
| Application_velocity_system_3120 | Cisco | 5.0 (including) | 5.0 (including) |
References
- http://secunia.com/advisories/20079
- http://securitytracker.com/id?1016056
- http://www.cisco.com/warp/public/707/cisco-sa-20060510-avs.shtml
- http://www.osvdb.org/25459
- http://www.securityfocus.com/bid/17937
- http://www.vupen.com/english/advisories/2006/1762
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26351
- http://secunia.com/advisories/20079
- http://securitytracker.com/id?1016056
- http://www.cisco.com/warp/public/707/cisco-sa-20060510-avs.shtml
- http://www.osvdb.org/25459
- http://www.securityfocus.com/bid/17937
- http://www.vupen.com/english/advisories/2006/1762
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26351