Cisco VPN vulnerabilities
5/12/03
Impact
A remote attacker could access any service listening on a
certain TCP port on the private network. It could also be
possible to cause a denial of service or a performance
degradation.
Background
Cisco offers a number of devices which implement Virtual Private
Networks (VPNs). Two such types of devices are the Cisco VPN 3000
Series concentrator, including models 3005, 3015, 3030, 3060, and
3080, and the Cisco VPN 3002 Hardware Client.
The Problems
5/12/03
CAN 2003-0258
The Cisco VPN 3000 Series concentrators can be configured to
allow IPSec traffic on a
selected TCP port. However, this configuration will allow
all TCP traffic, not only IPSec, to reach the private network
on the selected port. Therefore, a remote attacker could gain
unauthorized access to any service which happens to be running on the
selected port on any system on the private network. Versions
4.0.REL, 3.6.REL through 3.6.7E, and 3.5.x are affected
by this vulnerability.
5/12/03
CAN 2003-0259
CAN 2003-0260
Two additional vulnerabilities, one in the processing of
SSH initialization packets and one in the processing of
malformed ICMP packets, could cause a performance degradation
or cause the concentrator to reload, leading to a denial
of service. Versions 2.x through 3.5.x and 3.6.REL through
3.6.7 are affected by these vulnerabilities.
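The following is an added example, not part of the Cisco advisory or this
page's original text: it encodes the affected-version ranges quoted above for
CAN 2003-0258 and for CAN 2003-0259/0260 as a check over Cisco VPN 3000
release strings, the kind of logic a vulnerability scanner applies to a
banner. The ordering rules for ".REL", lettered sub-releases and "x"
wildcards are assumptions made for the example.

```python
import re
from typing import Dict, List, Tuple

# Added example: match Cisco VPN 3000 release strings such as "3.6.REL",
# "3.6.7E" or "3.5.2" against the advisory's affected ranges. Assumed
# ordering: ".REL" is the base release of a train, a trailing letter is a
# sub-release sorting after the bare patch level, "x" is a train wildcard.
INF = 10**6  # sentinel for the open end of a wildcard such as "3.5.x"

_VERSION_RE = re.compile(r"^(\d+)\.(x|\d+)(?:\.(REL|x|(\d+)([A-Z])?))?$", re.I)

def parse_version(s: str, upper: bool = False) -> Tuple[int, int, int, int]:
    """Sortable (major, minor, patch, letter); wildcards fill with INF when upper=True."""
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {s!r}")
    wild = INF if upper else 0
    major = int(m.group(1))
    if m.group(2).lower() == "x":
        return (major, wild, wild, wild)
    minor = int(m.group(2))
    tok = m.group(3)
    if tok is None or tok.upper() == "REL":
        return (major, minor, 0, 0)
    if tok.lower() == "x":
        return (major, minor, wild, wild)
    letter = ord(m.group(5).upper()) - ord("A") + 1 if m.group(5) else 0
    return (major, minor, int(m.group(4)), letter)

# Inclusive (low, high) ranges transcribed from the advisory text. A bare
# upper bound such as "3.6.7" is read literally, so lettered sub-releases of
# 3.6.7 fall outside it (an assumption about the advisory's wording).
AFFECTED: Dict[str, List[Tuple[str, str]]] = {
    "CAN-2003-0258": [("4.0.REL", "4.0.REL"), ("3.6.REL", "3.6.7E"), ("3.5.x", "3.5.x")],
    "CAN-2003-0259": [("2.x", "3.5.x"), ("3.6.REL", "3.6.7")],
    "CAN-2003-0260": [("2.x", "3.5.x"), ("3.6.REL", "3.6.7")],
}

def is_affected(version: str, cve: str) -> bool:
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi, upper=True)
               for lo, hi in AFFECTED[cve])

def affected_ids(version: str) -> List[str]:
    """List the advisory entries whose affected ranges cover the release string."""
    return [cve for cve in AFFECTED if is_affected(version, cve)]
```

A release that matches no entry (for example 4.0.1) simply returns an empty
list; that means it is not listed in this advisory, not that it is patched.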
CVE 2001-0427
CVE 2001-0428
CAN 2002-1092
CAN 2002-1093
CAN 2002-1094
CAN 2002-1095
CAN 2002-1096
CAN 2002-1097
CAN 2002-1098
CAN 2002-1099
CAN 2002-1100
CAN 2002-1101
CAN 2002-1102
CAN 2002-1103
Multiple vulnerabilities in older versions of Cisco VPN
3000 Series concentrators could allow an attacker to create
a denial of service or gain unauthorized access to the
private network.
Resolution
Apply one of the fixes or workarounds described in the
Cisco advisory.
Where can I read more about this?
These vulnerabilities were reported in a
Cisco advisory.