CVSS: 5.0EPSS: 9%CPEs: 11EXPL: 0CVE-2006-4313 – Cisco VPN Concentrator 3000 FTP Unauthorized Administrative Access
https://notcve.org/view.php?id=CVE-2006-4313
Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors. Múltiples vulnerabilidades no especificadas en los concentradores de la serie Cisco VPN 3000 anteriores a 4.1, 4.1.x hasta 4.1(7)L, y 4.7.x hasta 4.7(2)F permiten a atacantes ejecutar los comandos (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, y (6) RMD FTP para modificar archivos o crear y borrar directorios a través de vectores no especificados. • http://secunia.com/advisories/21617 http://securitytracker.com/id?1016737 http://www.cisco.com/warp/public/707/cisco-sa-20060823-vpn3k.shtml http://www.osvdb.org/28138 http://www.osvdb.org/28139 http://www.securityfocus.com/bid/19680 http://www.vupen.com/english/advisories/2006/3368 https://exchange.xforce.ibmcloud.com/vulnerabilities/28539 •
CVSS: 5.0EPSS: 5%CPEs: 138EXPL: 0CVE-2006-3906
https://notcve.org/view.php?id=CVE-2006-3906
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected. Protocolo Internet Key Exchange (IKE) version 1, implementado para Cisco IOS, VPN 3000 Concentrators, y PIX firewalls, permite a atacantes remotos provocar denegación de servicio (agotamiento de recursos) a través de un flood de paquetes IKE Phase-1 que exceden el ratio de expiración de la sesión. NOTA: se ha indicado que esto es debido a un diseño debil del protocolo IKe version 1, en cuyo caso otros vendedores e implementaciones podrían verse afectados. • http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html http://securityreason.com/securityalert/1293 http://securitytracker.com/id?1016582 http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html http://www.osvdb.org/29068 http://www.securityfocus.com/archive/1/441203/100/0/threaded http://www.securityfocus.com/bid/19176 https://exchange.xforce.ibmcloud.com/vulnerabilities& •
CVSS: 7.8EPSS: 1%CPEs: 11EXPL: 0CVE-2006-0483
https://notcve.org/view.php?id=CVE-2006-0483
Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet. • http://secunia.com/advisories/18629 http://securityreason.com/securityalert/375 http://securitytracker.com/id?1015546 http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml http://www.osvdb.org/22754 http://www.securityfocus.com/bid/16394 http://www.vupen.com/english/advisories/2006/0346 https://exchange.xforce.ibmcloud.com/vulnerabilities/24330 •