CVSS: 5.0EPSS: 9%CPEs: 11EXPL: 0CVE-2006-4313 – Cisco VPN Concentrator 3000 FTP Unauthorized Administrative Access
https://notcve.org/view.php?id=CVE-2006-4313
Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors. Múltiples vulnerabilidades no especificadas en los concentradores de la serie Cisco VPN 3000 anteriores a 4.1, 4.1.x hasta 4.1(7)L, y 4.7.x hasta 4.7(2)F permiten a atacantes ejecutar los comandos (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, y (6) RMD FTP para modificar archivos o crear y borrar directorios a través de vectores no especificados. • http://secunia.com/advisories/21617 http://securitytracker.com/id?1016737 http://www.cisco.com/warp/public/707/cisco-sa-20060823-vpn3k.shtml http://www.osvdb.org/28138 http://www.osvdb.org/28139 http://www.securityfocus.com/bid/19680 http://www.vupen.com/english/advisories/2006/3368 https://exchange.xforce.ibmcloud.com/vulnerabilities/28539 •
CVSS: 5.0EPSS: 5%CPEs: 138EXPL: 0CVE-2006-3906
https://notcve.org/view.php?id=CVE-2006-3906
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected. Protocolo Internet Key Exchange (IKE) version 1, implementado para Cisco IOS, VPN 3000 Concentrators, y PIX firewalls, permite a atacantes remotos provocar denegación de servicio (agotamiento de recursos) a través de un flood de paquetes IKE Phase-1 que exceden el ratio de expiración de la sesión. NOTA: se ha indicado que esto es debido a un diseño debil del protocolo IKe version 1, en cuyo caso otros vendedores e implementaciones podrían verse afectados. • http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html http://securityreason.com/securityalert/1293 http://securitytracker.com/id?1016582 http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html http://www.osvdb.org/29068 http://www.securityfocus.com/archive/1/441203/100/0/threaded http://www.securityfocus.com/bid/19176 https://exchange.xforce.ibmcloud.com/vulnerabilities& •
CVSS: 2.6EPSS: 1%CPEs: 38EXPL: 1CVE-2006-3073
https://notcve.org/view.php?id=CVE-2006-3073
Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by the original researcher. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebVPN en la serie Cisco VPN 3000 y concentradores Cisco ASA 5500 Series Adaptive Security Appliances (ASA), cuando se encuentra en el modo de WebVPN sin cliente, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro domain en (1) dnserror.html y (2) connecterror.html, también conocido como bugid CSCsd81095 (VPN3k) y CSCse48193 (ASA). NOTA: El fabricante indica que "WebVPN full-network-access mode" no se ve afectada, a pesar de las alegaciones formuladas por el investigador original. • http://secunia.com/advisories/20644 http://securitytracker.com/id?1016252 http://www.cisco.com/warp/public/707/cisco-sr-20060613-webvpn-xss.shtml http://www.osvdb.org/26453 http://www.osvdb.org/26454 http://www.securityfocus.com/archive/1/436479/30/0/threaded http://www.securityfocus.com/bid/18419 http://www.vupen.com/english/advisories/2006/2331 https://exchange.xforce.ibmcloud.com/vulnerabilities/27086 •
CVSS: 7.8EPSS: 1%CPEs: 11EXPL: 0CVE-2006-0483
https://notcve.org/view.php?id=CVE-2006-0483
Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet. • http://secunia.com/advisories/18629 http://securityreason.com/securityalert/375 http://securitytracker.com/id?1015546 http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml http://www.osvdb.org/22754 http://www.securityfocus.com/bid/16394 http://www.vupen.com/english/advisories/2006/0346 https://exchange.xforce.ibmcloud.com/vulnerabilities/24330 •
CVSS: 7.5EPSS: 1%CPEs: 156EXPL: 0CVE-2005-4499
https://notcve.org/view.php?id=CVE-2005-4499
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS. • http://secunia.com/advisories/18141 http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml http://www.osvdb.org/22193 http://www.securityfocus.com/archive/1/420020/100/0/threaded http://www.securityfocus.com/archive/1/420103/100/0/threaded http://www.securityfocus.com/bid/16025 •