CVSS: 5.0EPSS: 5%CPEs: 138EXPL: 0CVE-2006-3906
https://notcve.org/view.php?id=CVE-2006-3906
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected. Protocolo Internet Key Exchange (IKE) version 1, implementado para Cisco IOS, VPN 3000 Concentrators, y PIX firewalls, permite a atacantes remotos provocar denegación de servicio (agotamiento de recursos) a través de un flood de paquetes IKE Phase-1 que exceden el ratio de expiración de la sesión. NOTA: se ha indicado que esto es debido a un diseño debil del protocolo IKe version 1, en cuyo caso otros vendedores e implementaciones podrían verse afectados. • http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html http://securityreason.com/securityalert/1293 http://securitytracker.com/id?1016582 http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html http://www.osvdb.org/29068 http://www.securityfocus.com/archive/1/441203/100/0/threaded http://www.securityfocus.com/bid/19176 https://exchange.xforce.ibmcloud.com/vulnerabilities& •
CVSS: 2.6EPSS: 1%CPEs: 38EXPL: 1CVE-2006-3073
https://notcve.org/view.php?id=CVE-2006-3073
Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by the original researcher. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebVPN en la serie Cisco VPN 3000 y concentradores Cisco ASA 5500 Series Adaptive Security Appliances (ASA), cuando se encuentra en el modo de WebVPN sin cliente, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro domain en (1) dnserror.html y (2) connecterror.html, también conocido como bugid CSCsd81095 (VPN3k) y CSCse48193 (ASA). NOTA: El fabricante indica que "WebVPN full-network-access mode" no se ve afectada, a pesar de las alegaciones formuladas por el investigador original. • http://secunia.com/advisories/20644 http://securitytracker.com/id?1016252 http://www.cisco.com/warp/public/707/cisco-sr-20060613-webvpn-xss.shtml http://www.osvdb.org/26453 http://www.osvdb.org/26454 http://www.securityfocus.com/archive/1/436479/30/0/threaded http://www.securityfocus.com/bid/18419 http://www.vupen.com/english/advisories/2006/2331 https://exchange.xforce.ibmcloud.com/vulnerabilities/27086 •
CVSS: 7.5EPSS: 1%CPEs: 156EXPL: 0CVE-2005-4499
https://notcve.org/view.php?id=CVE-2005-4499
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS. • http://secunia.com/advisories/18141 http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml http://www.osvdb.org/22193 http://www.securityfocus.com/archive/1/420020/100/0/threaded http://www.securityfocus.com/archive/1/420103/100/0/threaded http://www.securityfocus.com/bid/16025 •
CVSS: 5.0EPSS: 7%CPEs: 138EXPL: 0CVE-2005-3669
https://notcve.org/view.php?id=CVE-2005-3669
Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. • http://jvn.jp/niscc/NISCC-273756/index.html http://secunia.com/advisories/17553 http://securitytracker.com/id?1015198 http://securitytracker.com/id?1015199 http://securitytracker.com/id?1015200 http://securitytracker.com/id?1015201 http://securitytracker.com/id? •
CVSS: 5.0EPSS: 0%CPEs: 44EXPL: 1CVE-2005-2025
https://notcve.org/view.php?id=CVE-2005-2025
Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname. • http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm http://www.securityfocus.com/bid/13992 http://www.vupen.com/english/advisories/2005/0822 •