CVE-2006-3073
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by the original researcher.
Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebVPN en la serie Cisco VPN 3000 y concentradores Cisco ASA 5500 Series Adaptive Security Appliances (ASA), cuando se encuentra en el modo de WebVPN sin cliente, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro domain en (1) dnserror.html y (2) connecterror.html, también conocido como bugid CSCsd81095 (VPN3k) y CSCse48193 (ASA). NOTA: El fabricante indica que "WebVPN full-network-access mode" no se ve afectada, a pesar de las alegaciones formuladas por el investigador original.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-06-19 CVE Reserved
- 2006-06-19 CVE Published
- 2023-08-15 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://www.osvdb.org/26453 | Vdb Entry | |
http://www.osvdb.org/26454 | Vdb Entry | |
http://www.securityfocus.com/archive/1/436479/30/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/18419 | Vdb Entry | |
http://www.vupen.com/english/advisories/2006/2331 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/27086 | Vdb Entry |
URL | Date | SRC |
---|---|---|
http://securitytracker.com/id?1016252 | 2024-08-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/20644 | 2018-10-30 | |
http://www.cisco.com/warp/public/707/cisco-sr-20060613-webvpn-xss.shtml | 2018-10-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Asa 5500 Search vendor "Cisco" for product "Asa 5500" | 7.0 Search vendor "Cisco" for product "Asa 5500" and version "7.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Asa 5500 Search vendor "Cisco" for product "Asa 5500" | 7.0\(4\) Search vendor "Cisco" for product "Asa 5500" and version "7.0\(4\)" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Asa 5500 Search vendor "Cisco" for product "Asa 5500" | 7.0.4.3 Search vendor "Cisco" for product "Asa 5500" and version "7.0.4.3" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 2.0 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "2.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 2.5.2.a Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "2.5.2.a" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 2.5.2.b Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "2.5.2.b" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 2.5.2.c Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "2.5.2.c" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 2.5.2.d Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "2.5.2.d" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 2.5.2.f Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "2.5.2.f" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.0 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.0.3.a Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.0.3.a" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.0.3.b Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.0.3.b" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.0.4 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.0.4" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.1 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.1" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.1\(rel\) Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.1\(rel\)" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.1.1 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.1.1" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.1.2 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.1.2" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.1.4 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.1.4" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.5\(rel\) Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.5\(rel\)" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.5.1 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.5.1" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.5.2 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.5.2" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.5.3 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.5.3" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.5.4 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.5.4" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.5.5 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.5.5" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.6 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.6" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.6.1 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.6.1" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.6.7 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.6.7" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 3.6.7d Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "3.6.7d" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 4.0 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "4.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 4.0.1 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "4.0.1" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 4.0.5.b Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "4.0.5.b" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 4.1 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "4.1" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 4.1.5.b Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "4.1.5.b" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 4.1.7.a Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "4.1.7.a" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 4.1.7.b Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "4.1.7.b" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 4.7 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "4.7" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 4.7.1 Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "4.7.1" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Vpn 3000 Concentrator Series Software Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" | 4.7.1.f Search vendor "Cisco" for product "Vpn 3000 Concentrator Series Software" and version "4.7.1.f" | - |
Affected
|