Search criteria
72 vulnerabilities found for vpn_3000_concentrator_series_software by cisco
FKIE_CVE-2006-4313
Vulnerability from fkie_nvd - Published: 2006-08-23 22:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_3000_concentrator_series_software | 4.0 | |
| cisco | vpn_3000_concentrator_series_software | 4.0.1 | |
| cisco | vpn_3000_concentrator_series_software | 4.0.5.b | |
| cisco | vpn_3000_concentrator_series_software | 4.1.5.b | |
| cisco | vpn_3000_concentrator_series_software | 4.1.7.a | |
| cisco | vpn_3000_concentrator_series_software | 4.1.7.b | |
| cisco | vpn_3000_concentrator_series_software | 4.1.7.l | |
| cisco | vpn_3000_concentrator_series_software | 4.7 | |
| cisco | vpn_3000_concentrator_series_software | 4.7.1 | |
| cisco | vpn_3000_concentrator_series_software | 4.7.1.f | |
| cisco | vpn_3000_concentrator_series_software | 4.7.2.f |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D953DA9F-B54E-4941-85BE-48933C98DB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "12E298AD-26AC-4E1D-83D8-5C2016CC6559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.5.b:*:*:*:*:*:*:*",
"matchCriteriaId": "B71DAF71-5763-44D8-AD1E-5ADE8BC15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.5.b:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA54782-93A8-47BE-863D-89CA3678BF6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.a:*:*:*:*:*:*:*",
"matchCriteriaId": "67F66A10-246D-447B-941F-F1175684F0D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.b:*:*:*:*:*:*:*",
"matchCriteriaId": "82435757-D892-4298-9176-5EC1FEC93037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.l:*:*:*:*:*:*:*",
"matchCriteriaId": "E5BAFC4A-D8FB-4450-BC29-83B306000C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D03F5D3F-6FB1-4A25-B544-D3C973F35DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A90348C-94E2-4F04-A887-E7EFFC1ACF12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1.f:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5E136E-9215-46A8-A40A-AE964C588A38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.2.f:*:*:*:*:*:*:*",
"matchCriteriaId": "A13F7BC2-7491-4266-9B32-3E6D8978A6C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en los concentradores de la serie Cisco VPN 3000 anteriores a 4.1, 4.1.x hasta 4.1(7)L, y 4.7.x hasta 4.7(2)F permiten a atacantes ejecutar los comandos (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, y (6) RMD FTP para modificar archivos o crear y borrar directorios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2006-4313",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-23T22:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21617"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016737"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060823-vpn3k.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28138"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28139"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19680"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3368"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060823-vpn3k.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28539"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-3906
Vulnerability from fkie_nvd - Published: 2006-07-27 22:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5802E2D8-7069-474C-826F-AEE7B50BFE34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:vpn_3001_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "786346D5-13D8-45C9-B91D-C2AACF675377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A512328-2FD0-4B1D-9327-A13A0BCE9C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3020_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D50FE2-A4E6-4EF4-A91C-88FB0AF6CCB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6548F964-B8EE-4B39-87CF-99743D41C42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E08810E6-33B6-45FF-91C7-EED10DC023EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD1A1AC-980F-428E-8BAF-0FC821014868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85ED2D96-5CC9-4851-986A-C9ED5E2D96CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AC150564-7413-401A-9DD8-8AD773F1D8F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D0714F9E-75AD-4405-BBC3-E0D817C05EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA0DDDD-C987-4DA6-ADEE-77B387C26A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "49696766-ECCE-4903-AA54-271EFEA58B8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D1557499-D1A1-4A26-80DA-A3D66AA53580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "923949D1-06EC-462F-A3BC-FCAB448042A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.a:*:*:*:*:*:*:*",
"matchCriteriaId": "901B1838-7169-41E5-80EF-29BB680BF937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.b:*:*:*:*:*:*:*",
"matchCriteriaId": "CDAEAA5F-0A98-48B7-8012-9B9909243135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.c:*:*:*:*:*:*:*",
"matchCriteriaId": "11DA4B03-2D30-4514-9DF5-5F0DDD4B8DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.d:*:*:*:*:*:*:*",
"matchCriteriaId": "CB38834B-E4AB-43F4-888B-14B088C95594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.f:*:*:*:*:*:*:*",
"matchCriteriaId": "23F8059B-3968-4D63-B1B3-74E545C918D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "701CDA0D-F932-4251-B484-8F20F0AE9003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.a:*:*:*:*:*:*:*",
"matchCriteriaId": "E674AA43-905E-40E0-A70F-77D05C62C18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.b:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0D767F-7142-46D2-B3E4-7FE8E9E3285A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "057A6BA0-5F5E-4FC4-B2EC-A17968EAC2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "645AB682-2965-4C8D-B323-AB510E424407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1\\(rel\\):*:*:*:*:*:*:*",
"matchCriteriaId": "76F7F019-A0A4-49CD-BB28-24BF7725AC89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "175CD875-3402-4B06-A3FA-7DFFCBB44056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF61B8A5-31E7-40F5-8B3D-CA90E50618AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9017BB-5848-4361-ABB9-C69FB3AB90FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\(rel\\):*:*:*:*:*:*:*",
"matchCriteriaId": "207034E8-35F7-4E78-A3FC-C86D20EB8D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C544E523-15E5-4CE5-8113-53454F5D9973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09F6EBD-C3FC-4680-BE31-A766D863237D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8C3FDA-D321-4202-A8EA-6C1464558A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B68705AB-A133-401F-9F41-64594E071816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9092680-E154-4EAB-A2D5-B692073F894E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF5F3FA-5FA4-408E-BA62-3943C5DFD859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFC9764-5BF5-449F-9200-5569C13F8309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F12F2AAC-DB5B-4C28-86C5-F59490362E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "071F52AD-D59B-4673-BCBE-112B94D3EB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "80709CB0-D386-4C4F-B3EE-7A0501FD7248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.a:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AFAF42-B894-4D62-A9CF-3349A43191AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.b:*:*:*:*:*:*:*",
"matchCriteriaId": "ABE5BB7F-D8B4-441B-9F45-56F622EEAA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.c:*:*:*:*:*:*:*",
"matchCriteriaId": "8B87A7EC-DC23-4075-8C4A-2317FF34BDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.d:*:*:*:*:*:*:*",
"matchCriteriaId": "98AC18E3-D12B-489D-9D95-6C9210235FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.f:*:*:*:*:*:*:*",
"matchCriteriaId": "E9DB969E-8BE9-46E0-B8AA-5057E320F1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:*:*:*:*:*:*:*",
"matchCriteriaId": "36291ADE-3D5A-4E49-8BA7-B71CAAA226B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D953DA9F-B54E-4941-85BE-48933C98DB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "12E298AD-26AC-4E1D-83D8-5C2016CC6559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "590283B1-4965-44D3-A0D4-CD90DD6B2D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.5.b:*:*:*:*:*:*:*",
"matchCriteriaId": "B71DAF71-5763-44D8-AD1E-5ADE8BC15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B35B6FA9-E504-4CE3-B171-815291A812CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.5.b:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA54782-93A8-47BE-863D-89CA3678BF6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.a:*:*:*:*:*:*:*",
"matchCriteriaId": "67F66A10-246D-447B-941F-F1175684F0D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.b:*:*:*:*:*:*:*",
"matchCriteriaId": "82435757-D892-4298-9176-5EC1FEC93037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.l:*:*:*:*:*:*:*",
"matchCriteriaId": "E5BAFC4A-D8FB-4450-BC29-83B306000C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D03F5D3F-6FB1-4A25-B544-D3C973F35DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7\\(rel\\):*:*:*:*:*:*:*",
"matchCriteriaId": "432A18AD-A495-4750-85A5-7D82FC321D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A90348C-94E2-4F04-A887-E7EFFC1ACF12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1.f:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5E136E-9215-46A8-A40A-AE964C588A38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9729CAA-8041-43D6-9299-07CCCBFD3907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.2.a:*:*:*:*:*:*:*",
"matchCriteriaId": "45A33500-B013-4863-BF12-27283ACD4AB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.2.f:*:*:*:*:*:*:*",
"matchCriteriaId": "A13F7BC2-7491-4266-9B32-3E6D8978A6C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3005_concentrator_software:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17196F00-9D7A-4AF6-AE1E-EA2E450A8ABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3030_concentator:4.7\\(rel\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A459B6C2-EE91-43AE-A837-BCF4188BEB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3030_concentator:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32200DE2-71BA-417C-AF24-3BE549A68711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3030_concentator:4.7.1.f:*:*:*:*:*:*:*",
"matchCriteriaId": "25F3F37E-4BBD-4A0E-A1DF-64602D75207D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3030_concentator:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B0722179-9602-42A1-81CA-062D4010B9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3030_concentator:4.7.2.a:*:*:*:*:*:*:*",
"matchCriteriaId": "DA0E5615-4855-4A35-BE58-B9B27C7B2CC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3030_concentator:4.7.2.f:*:*:*:*:*:*:*",
"matchCriteriaId": "65D48968-68F5-49BD-88CF-6C8D73D7F967",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:pix_asa_ids:*:*:*:*:*:*:*:*",
"matchCriteriaId": "701810DC-0A46-4D01-90BD-03AAF277E4DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
"matchCriteriaId": "ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:pix_firewall:6.2.3_\\(110\\):*:*:*:*:*:*:*",
"matchCriteriaId": "900DC321-4CEF-4810-8247-B82FE93F48BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:pix_firewall:6.3.3_\\(133\\):*:*:*:*:*:*:*",
"matchCriteriaId": "422F8E64-2376-4E82-A1A2-916BFB7172AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:pix_firewall:6.3.5_\\(112\\):*:*:*:*:*:*:*",
"matchCriteriaId": "54389797-86AA-4744-AA84-9B66FB6E01E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_501:*:*:*:*:*:*:*:*",
"matchCriteriaId": "151D5A44-2D0D-478A-B011-A0892817B814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_506:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E346F334-9BA3-4BDC-8D0F-D749A7D76E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_515:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6EE5C14-F556-48A5-BB3F-5465DC823B85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_515e:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286199EA-71CF-46B4-9131-F1752C2EA82D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_520:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32E437F4-1B19-4B57-9EAD-3AC04717E389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_525:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29B2019F-DF6E-4924-B0D2-37094B5265F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_535:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9600B7CF-4AEB-4319-8EF4-4FEA40EF6367",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:secure_pix_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "507B3A76-3F01-4BF0-8A3B-9E620DCB082D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "026A2C0D-AD93-49DC-AF72-8C12AD565B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "920FAF7C-2964-497B-B1F8-3B060AAB4C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D499F38-A34C-44D0-A061-C3AE08CF178B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63E564B5-A39F-4837-93B8-1331CD975D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.1\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1EEDB9DD-C862-4783-9F96-88836424B298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.1\\(6b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3BD36C4A-4B90-4012-B4A5-6081C413E302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C39A993C-5A36-4D3F-B8B6-9B3252713127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B1C4F7D5-DCD0-409C-86BF-A96A5253DF64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8198D129-76D0-4983-BFC4-8EC724FE1B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.2\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6BEECFAA-9DD5-4950-B9F1-CF8582225314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "49566EAC-05AF-4880-8000-351AF538E4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "23E9FBEE-3213-47FA-8CBA-C285533265FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.4\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "118CBF59-DAD8-468E-B279-F6359E4624F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.4\\(7.202\\):*:*:*:*:*:*:*",
"matchCriteriaId": "957E6F8F-6881-44DE-A687-9D1E0C13F6CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.4\\(8\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E56328FE-F499-4325-AFEC-45BFEAB7662D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AA2E425-904C-4070-8F5F-B81BCF3147F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "604CF950-5D4B-4DC6-819E-0528B22CB05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.1\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E12887E5-A2BB-4B1E-9621-2961458BCE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.1\\(4.206\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3B5BE2F7-687C-477B-818B-A102526DF36D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "999A0969-60EB-4B2E-A274-9F05D9F840E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "626E41D2-A5EF-493D-9486-3D9BC3793EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EBA31E4D-2215-4E4A-BCCC-B3D922CB752D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(3.210\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4F16AD2C-1CC1-43D9-A944-F67071B62E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A42FFBF7-9ADB-4F14-BED8-F2E53BEE7B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "25D16481-CA9A-4B4D-AC9D-3A4F0387FF19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(7\\):*:*:*:*:*:*:*",
"matchCriteriaId": "56E4588E-6C1F-4720-8082-0EF299435CB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(9\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D24E0E92-59D7-4B16-8B0D-2FD0EE821D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ED24C763-7558-4AC0-AE10-FDA3D3078D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4CC85ED3-B598-4A87-A2B8-8D3B52ECC2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1.200\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C84CE24E-4ED6-43D0-A234-FBD24D22A8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF84B9FE-7C6C-4578-A5A9-EF0D5EEEEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "72C3E2B4-3A36-44B5-90D3-1BF9FAD98579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58BE9C02-2A01-4F6F-A6BD-BC0173561E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C558CED8-8342-46CB-9F52-580B626D320E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0F85D19E-6C26-429D-B876-F34238B9DAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
"matchCriteriaId": "09063867-0E64-4630-B35B-4CCA348E4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78F98CD7-A352-483C-9968-8FB2627A7CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F97FE485-705F-4707-B6C6-0EF9E8A85D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E2B925E8-D2C2-4E8C-AC21-0C422245C482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9170562-872E-4C32-869C-B10FF35A925E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D0927A68-8BB2-4F03-8396-E9CACC158FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "559DDBA3-2AF4-4A0C-B219-6779BA931F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1.5\\(104\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F76AED68-8304-4BC6-9D98-64231B08A6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5226C9CC-6933-4F10-B426-B47782C606FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "757DAE9A-B25D-4B8A-A41B-66C2897B537E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5E3DC170-E279-4725-B9EE-6840B5685CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8091EDA9-BD18-47F7-8CEC-E086238647C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F867890-74A4-4892-B99A-27DB4603B873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CE05B514-F094-4632-B25B-973F976F6409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3392428D-1A85-4472-A276-C482A78E2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B0D74D2C-662B-4D24-89EE-3DB73F96BBF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
"matchCriteriaId": "40954985-16E6-4F37-B014-6A55166AE093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0C097809-1FEF-4417-A201-42291CC29122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5E6D5FD3-CF95-4A3B-9ADB-CEC77F73CA78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected."
},
{
"lang": "es",
"value": "Protocolo Internet Key Exchange (IKE) version 1, implementado para Cisco IOS, VPN 3000 Concentrators, y PIX firewalls, permite a atacantes remotos provocar denegaci\u00f3n de servicio (agotamiento de recursos) a trav\u00e9s de un flood de paquetes IKE Phase-1 que exceden el ratio de expiraci\u00f3n de la sesi\u00f3n. NOTA: se ha indicado que esto es debido a un dise\u00f1o debil del protocolo IKe version 1, en cuyo caso otros vendedores e implementaciones podr\u00edan verse afectados."
}
],
"id": "CVE-2006-3906",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-27T22:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1293"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016582"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/29068"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/441203/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19176"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27972"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/29068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/441203/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5299"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-3073
Vulnerability from fkie_nvd - Published: 2006-06-19 10:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by the original researcher.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5500:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "891B8FA4-B602-42C5-A94F-8C60BBF7A7D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asa_5500:7.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "083B3C00-AE54-48D7-A11B-E5BFE5607CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:asa_5500:7.0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "635851C6-E383-415A-9123-270E205E0762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "923949D1-06EC-462F-A3BC-FCAB448042A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.a:*:*:*:*:*:*:*",
"matchCriteriaId": "901B1838-7169-41E5-80EF-29BB680BF937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.b:*:*:*:*:*:*:*",
"matchCriteriaId": "CDAEAA5F-0A98-48B7-8012-9B9909243135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.c:*:*:*:*:*:*:*",
"matchCriteriaId": "11DA4B03-2D30-4514-9DF5-5F0DDD4B8DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.d:*:*:*:*:*:*:*",
"matchCriteriaId": "CB38834B-E4AB-43F4-888B-14B088C95594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.f:*:*:*:*:*:*:*",
"matchCriteriaId": "23F8059B-3968-4D63-B1B3-74E545C918D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "701CDA0D-F932-4251-B484-8F20F0AE9003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.a:*:*:*:*:*:*:*",
"matchCriteriaId": "E674AA43-905E-40E0-A70F-77D05C62C18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.b:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0D767F-7142-46D2-B3E4-7FE8E9E3285A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "057A6BA0-5F5E-4FC4-B2EC-A17968EAC2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "645AB682-2965-4C8D-B323-AB510E424407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1\\(rel\\):*:*:*:*:*:*:*",
"matchCriteriaId": "76F7F019-A0A4-49CD-BB28-24BF7725AC89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "175CD875-3402-4B06-A3FA-7DFFCBB44056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF61B8A5-31E7-40F5-8B3D-CA90E50618AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9017BB-5848-4361-ABB9-C69FB3AB90FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\(rel\\):*:*:*:*:*:*:*",
"matchCriteriaId": "207034E8-35F7-4E78-A3FC-C86D20EB8D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C544E523-15E5-4CE5-8113-53454F5D9973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09F6EBD-C3FC-4680-BE31-A766D863237D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8C3FDA-D321-4202-A8EA-6C1464558A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B68705AB-A133-401F-9F41-64594E071816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9092680-E154-4EAB-A2D5-B692073F894E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF5F3FA-5FA4-408E-BA62-3943C5DFD859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFC9764-5BF5-449F-9200-5569C13F8309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "80709CB0-D386-4C4F-B3EE-7A0501FD7248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:*:*:*:*:*:*:*",
"matchCriteriaId": "36291ADE-3D5A-4E49-8BA7-B71CAAA226B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D953DA9F-B54E-4941-85BE-48933C98DB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "12E298AD-26AC-4E1D-83D8-5C2016CC6559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.5.b:*:*:*:*:*:*:*",
"matchCriteriaId": "B71DAF71-5763-44D8-AD1E-5ADE8BC15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B35B6FA9-E504-4CE3-B171-815291A812CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.5.b:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA54782-93A8-47BE-863D-89CA3678BF6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.a:*:*:*:*:*:*:*",
"matchCriteriaId": "67F66A10-246D-447B-941F-F1175684F0D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.b:*:*:*:*:*:*:*",
"matchCriteriaId": "82435757-D892-4298-9176-5EC1FEC93037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D03F5D3F-6FB1-4A25-B544-D3C973F35DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A90348C-94E2-4F04-A887-E7EFFC1ACF12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1.f:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5E136E-9215-46A8-A40A-AE964C588A38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that \"WebVPN full-network-access mode\" is not affected, despite the claims by the original researcher."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en WebVPN en la serie Cisco VPN 3000 y concentradores Cisco ASA 5500 Series Adaptive Security Appliances (ASA), cuando se encuentra en el modo de WebVPN sin cliente, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro domain en (1) dnserror.html y (2) connecterror.html, tambi\u00e9n conocido como bugid CSCsd81095 (VPN3k) y CSCse48193 (ASA). NOTA: El fabricante indica que \"WebVPN full-network-access mode\" no se ve afectada, a pesar de las alegaciones formuladas por el investigador original."
}
],
"id": "CVE-2006-3073",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-06-19T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20644"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1016252"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20060613-webvpn-xss.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/26453"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/26454"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/436479/30/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18419"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2331"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1016252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20060613-webvpn-xss.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/436479/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27086"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-0483
Vulnerability from fkie_nvd - Published: 2006-01-31 20:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_3000_concentrator_series_software | 4.7 | |
| cisco | vpn_3000_concentrator_series_software | 4.7\(rel\) | |
| cisco | vpn_3000_concentrator_series_software | 4.7.1 | |
| cisco | vpn_3000_concentrator_series_software | 4.7.1.f | |
| cisco | vpn_3000_concentrator_series_software | 4.7.2 | |
| cisco | vpn_3000_concentrator_series_software | 4.7.2.a | |
| cisco | vpn_3030_concentator | 4.7\(rel\) | |
| cisco | vpn_3030_concentator | 4.7.1 | |
| cisco | vpn_3030_concentator | 4.7.1.f | |
| cisco | vpn_3030_concentator | 4.7.2 | |
| cisco | vpn_3030_concentator | 4.7.2.a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D03F5D3F-6FB1-4A25-B544-D3C973F35DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7\\(rel\\):*:*:*:*:*:*:*",
"matchCriteriaId": "432A18AD-A495-4750-85A5-7D82FC321D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A90348C-94E2-4F04-A887-E7EFFC1ACF12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1.f:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5E136E-9215-46A8-A40A-AE964C588A38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9729CAA-8041-43D6-9299-07CCCBFD3907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.2.a:*:*:*:*:*:*:*",
"matchCriteriaId": "45A33500-B013-4863-BF12-27283ACD4AB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3030_concentator:4.7\\(rel\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A459B6C2-EE91-43AE-A837-BCF4188BEB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3030_concentator:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32200DE2-71BA-417C-AF24-3BE549A68711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3030_concentator:4.7.1.f:*:*:*:*:*:*:*",
"matchCriteriaId": "25F3F37E-4BBD-4A0E-A1DF-64602D75207D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3030_concentator:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B0722179-9602-42A1-81CA-062D4010B9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3030_concentator:4.7.2.a:*:*:*:*:*:*:*",
"matchCriteriaId": "DA0E5615-4855-4A35-BE58-B9B27C7B2CC1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet."
}
],
"id": "CVE-2006-0483",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-31T20:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18629"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/375"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015546"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22754"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16394"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0346"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24330"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-4499
Vulnerability from fkie_nvd - Published: 2005-12-22 11:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:vpn_3001_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "786346D5-13D8-45C9-B91D-C2AACF675377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A512328-2FD0-4B1D-9327-A13A0BCE9C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3020_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D50FE2-A4E6-4EF4-A91C-88FB0AF6CCB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6548F964-B8EE-4B39-87CF-99743D41C42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E08810E6-33B6-45FF-91C7-EED10DC023EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD1A1AC-980F-428E-8BAF-0FC821014868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85ED2D96-5CC9-4851-986A-C9ED5E2D96CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AC150564-7413-401A-9DD8-8AD773F1D8F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA0DDDD-C987-4DA6-ADEE-77B387C26A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "49696766-ECCE-4903-AA54-271EFEA58B8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "923949D1-06EC-462F-A3BC-FCAB448042A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.a:*:*:*:*:*:*:*",
"matchCriteriaId": "901B1838-7169-41E5-80EF-29BB680BF937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.b:*:*:*:*:*:*:*",
"matchCriteriaId": "CDAEAA5F-0A98-48B7-8012-9B9909243135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.c:*:*:*:*:*:*:*",
"matchCriteriaId": "11DA4B03-2D30-4514-9DF5-5F0DDD4B8DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.d:*:*:*:*:*:*:*",
"matchCriteriaId": "CB38834B-E4AB-43F4-888B-14B088C95594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.f:*:*:*:*:*:*:*",
"matchCriteriaId": "23F8059B-3968-4D63-B1B3-74E545C918D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "701CDA0D-F932-4251-B484-8F20F0AE9003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.a:*:*:*:*:*:*:*",
"matchCriteriaId": "E674AA43-905E-40E0-A70F-77D05C62C18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.b:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0D767F-7142-46D2-B3E4-7FE8E9E3285A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "057A6BA0-5F5E-4FC4-B2EC-A17968EAC2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "645AB682-2965-4C8D-B323-AB510E424407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1\\(rel\\):*:*:*:*:*:*:*",
"matchCriteriaId": "76F7F019-A0A4-49CD-BB28-24BF7725AC89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "175CD875-3402-4B06-A3FA-7DFFCBB44056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF61B8A5-31E7-40F5-8B3D-CA90E50618AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9017BB-5848-4361-ABB9-C69FB3AB90FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\(rel\\):*:*:*:*:*:*:*",
"matchCriteriaId": "207034E8-35F7-4E78-A3FC-C86D20EB8D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C544E523-15E5-4CE5-8113-53454F5D9973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09F6EBD-C3FC-4680-BE31-A766D863237D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8C3FDA-D321-4202-A8EA-6C1464558A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B68705AB-A133-401F-9F41-64594E071816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9092680-E154-4EAB-A2D5-B692073F894E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF5F3FA-5FA4-408E-BA62-3943C5DFD859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFC9764-5BF5-449F-9200-5569C13F8309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F12F2AAC-DB5B-4C28-86C5-F59490362E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "071F52AD-D59B-4673-BCBE-112B94D3EB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "80709CB0-D386-4C4F-B3EE-7A0501FD7248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.a:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AFAF42-B894-4D62-A9CF-3349A43191AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.b:*:*:*:*:*:*:*",
"matchCriteriaId": "ABE5BB7F-D8B4-441B-9F45-56F622EEAA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.c:*:*:*:*:*:*:*",
"matchCriteriaId": "8B87A7EC-DC23-4075-8C4A-2317FF34BDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.d:*:*:*:*:*:*:*",
"matchCriteriaId": "98AC18E3-D12B-489D-9D95-6C9210235FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.f:*:*:*:*:*:*:*",
"matchCriteriaId": "E9DB969E-8BE9-46E0-B8AA-5057E320F1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:*:*:*:*:*:*:*",
"matchCriteriaId": "36291ADE-3D5A-4E49-8BA7-B71CAAA226B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D953DA9F-B54E-4941-85BE-48933C98DB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "12E298AD-26AC-4E1D-83D8-5C2016CC6559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "590283B1-4965-44D3-A0D4-CD90DD6B2D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.5.b:*:*:*:*:*:*:*",
"matchCriteriaId": "B71DAF71-5763-44D8-AD1E-5ADE8BC15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.5.b:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA54782-93A8-47BE-863D-89CA3678BF6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.a:*:*:*:*:*:*:*",
"matchCriteriaId": "67F66A10-246D-447B-941F-F1175684F0D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.b:*:*:*:*:*:*:*",
"matchCriteriaId": "82435757-D892-4298-9176-5EC1FEC93037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A90348C-94E2-4F04-A887-E7EFFC1ACF12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1.f:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5E136E-9215-46A8-A40A-AE964C588A38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3005_concentrator_software:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17196F00-9D7A-4AF6-AE1E-EA2E450A8ABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3030_concentator:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32200DE2-71BA-417C-AF24-3BE549A68711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3030_concentator:4.7.1.f:*:*:*:*:*:*:*",
"matchCriteriaId": "25F3F37E-4BBD-4A0E-A1DF-64602D75207D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:pix_asa_ids:*:*:*:*:*:*:*:*",
"matchCriteriaId": "701810DC-0A46-4D01-90BD-03AAF277E4DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
"matchCriteriaId": "ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:pix_firewall:6.2.3_\\(110\\):*:*:*:*:*:*:*",
"matchCriteriaId": "900DC321-4CEF-4810-8247-B82FE93F48BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:pix_firewall:6.3.3_\\(133\\):*:*:*:*:*:*:*",
"matchCriteriaId": "422F8E64-2376-4E82-A1A2-916BFB7172AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5C8F8B-4F20-4635-81FF-92F144F43793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.0:*:unix:*:*:*:*:*",
"matchCriteriaId": "22B6CD99-5B21-4961-AD47-B1722E586664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "3BF391B2-17C6-4633-8CE9-35B637BFDC79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.3:*:unix:*:*:*:*:*",
"matchCriteriaId": "7889030E-97F7-4CCD-8050-5250B1F58C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.3:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "26B0CB70-CC82-4FF1-882C-0712354DA113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.3.5.1:*:unix:*:*:*:*:*",
"matchCriteriaId": "543A3774-28EB-406D-830E-957B5E9E7A66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.3.6.1:*:unix:*:*:*:*:*",
"matchCriteriaId": "B0B5C19A-58BB-4A7A-886D-3567B37F466D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.4:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "4126D9DE-A75E-4A9E-9DA7-1477D5688872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.5:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "0354C50C-4104-4960-B1EE-F212CD3D6AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "DE9B81AC-1D16-4FDF-B438-3D3ED2BE9538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.2:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "8F515D7A-D663-49F0-8F12-1484000505FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.3:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "A668278F-8080-4295-95EB-88341478D16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.4:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "A66BED35-F385-4A0C-9416-6F007536133E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.42:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "5EA57609-522C-4431-92AE-4FF11AA67320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44D05855-C8C1-4243-8438-5A36A01A8F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "A60B49A7-B569-4485-A6B3-E14B9FB96950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "FA889730-B2FF-4219-BBCA-A4364BA61EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0.3:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "8731D5CC-A6F9-48DB-B1D1-FD50CEAC63D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB11A75E-2E4B-4B83-B763-CBBC1D9DFB36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.1.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "DFFE6A50-B704-42BB-8FFF-27E9F4D3B576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "109147BF-3225-48E4-8BE1-2E5B59921032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:*",
"matchCriteriaId": "7CDA01B6-6887-40BB-B541-65F198D03219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "86806D6E-1BDF-4253-AEB7-D9D88D224812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(1.20\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B0BD6882-379C-4EA7-8E51-124273C5A56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "680E5A81-6409-4CE7-8496-D7845FD7E851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3868E060-0278-491A-9943-1A2E435C7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F39D3441-C84A-403A-ACB4-8019579EE4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "61ED039B-C3E6-4BC8-A97A-351EC9CEAF16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2793200-D95D-4BD3-8DF2-4A847230FBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0E587654-B5A0-47A4-BED6-D8DB69AEF566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F07B954-817F-47AC-BCAC-3DA697A6E2F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC1B599-05C0-4FB5-A47B-5D858DAB43A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_3002_hardware_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12ECF578-84BF-4F41-9462-C09FA517F2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_501:*:*:*:*:*:*:*:*",
"matchCriteriaId": "151D5A44-2D0D-478A-B011-A0892817B814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_506:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E346F334-9BA3-4BDC-8D0F-D749A7D76E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_515:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6EE5C14-F556-48A5-BB3F-5465DC823B85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_515e:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286199EA-71CF-46B4-9131-F1752C2EA82D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_520:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32E437F4-1B19-4B57-9EAD-3AC04717E389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_525:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29B2019F-DF6E-4924-B0D2-37094B5265F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_535:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9600B7CF-4AEB-4319-8EF4-4FEA40EF6367",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C5A417-C48D-4799-A766-7B231ADF27C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "026A2C0D-AD93-49DC-AF72-8C12AD565B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "920FAF7C-2964-497B-B1F8-3B060AAB4C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D499F38-A34C-44D0-A061-C3AE08CF178B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63E564B5-A39F-4837-93B8-1331CD975D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.1\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1EEDB9DD-C862-4783-9F96-88836424B298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.1\\(6b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3BD36C4A-4B90-4012-B4A5-6081C413E302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C39A993C-5A36-4D3F-B8B6-9B3252713127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B1C4F7D5-DCD0-409C-86BF-A96A5253DF64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8198D129-76D0-4983-BFC4-8EC724FE1B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.2\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6BEECFAA-9DD5-4950-B9F1-CF8582225314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "49566EAC-05AF-4880-8000-351AF538E4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "23E9FBEE-3213-47FA-8CBA-C285533265FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.4\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "118CBF59-DAD8-468E-B279-F6359E4624F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.4\\(7.202\\):*:*:*:*:*:*:*",
"matchCriteriaId": "957E6F8F-6881-44DE-A687-9D1E0C13F6CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.4\\(8\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E56328FE-F499-4325-AFEC-45BFEAB7662D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AA2E425-904C-4070-8F5F-B81BCF3147F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "604CF950-5D4B-4DC6-819E-0528B22CB05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.1\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E12887E5-A2BB-4B1E-9621-2961458BCE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.1\\(4.206\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3B5BE2F7-687C-477B-818B-A102526DF36D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "999A0969-60EB-4B2E-A274-9F05D9F840E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "626E41D2-A5EF-493D-9486-3D9BC3793EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EBA31E4D-2215-4E4A-BCCC-B3D922CB752D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(3.210\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4F16AD2C-1CC1-43D9-A944-F67071B62E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A42FFBF7-9ADB-4F14-BED8-F2E53BEE7B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "25D16481-CA9A-4B4D-AC9D-3A4F0387FF19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(7\\):*:*:*:*:*:*:*",
"matchCriteriaId": "56E4588E-6C1F-4720-8082-0EF299435CB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(9\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D24E0E92-59D7-4B16-8B0D-2FD0EE821D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ED24C763-7558-4AC0-AE10-FDA3D3078D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4CC85ED3-B598-4A87-A2B8-8D3B52ECC2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1.200\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C84CE24E-4ED6-43D0-A234-FBD24D22A8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF84B9FE-7C6C-4578-A5A9-EF0D5EEEEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "72C3E2B4-3A36-44B5-90D3-1BF9FAD98579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58BE9C02-2A01-4F6F-A6BD-BC0173561E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C558CED8-8342-46CB-9F52-580B626D320E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0F85D19E-6C26-429D-B876-F34238B9DAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
"matchCriteriaId": "09063867-0E64-4630-B35B-4CCA348E4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78F98CD7-A352-483C-9968-8FB2627A7CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F97FE485-705F-4707-B6C6-0EF9E8A85D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E2B925E8-D2C2-4E8C-AC21-0C422245C482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9170562-872E-4C32-869C-B10FF35A925E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D0927A68-8BB2-4F03-8396-E9CACC158FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "559DDBA3-2AF4-4A0C-B219-6779BA931F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1.5\\(104\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F76AED68-8304-4BC6-9D98-64231B08A6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5226C9CC-6933-4F10-B426-B47782C606FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "757DAE9A-B25D-4B8A-A41B-66C2897B537E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5E3DC170-E279-4725-B9EE-6840B5685CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8091EDA9-BD18-47F7-8CEC-E086238647C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F867890-74A4-4892-B99A-27DB4603B873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CE05B514-F094-4632-B25B-973F976F6409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3392428D-1A85-4472-A276-C482A78E2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B0D74D2C-662B-4D24-89EE-3DB73F96BBF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
"matchCriteriaId": "40954985-16E6-4F37-B014-6A55166AE093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0C097809-1FEF-4417-A201-42291CC29122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5E6D5FD3-CF95-4A3B-9ADB-CEC77F73CA78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS."
}
],
"id": "CVE-2005-4499",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-22T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18141"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22193"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16025"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3669
Vulnerability from fkie_nvd - Published: 2005-11-18 21:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9CB22A-21E0-46F6-B6CD-BB38A80FA7A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9CAFC15-178C-4176-9668-D4A04B63E77B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C8D6949-89F4-40EF-98F4-8D15628DC345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F3DB2AEE-FB5C-42B7-845B-EDA3E58D5D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6479D85C-1A12-486D-818C-6679F415CA26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "923949D1-06EC-462F-A3BC-FCAB448042A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.a:*:*:*:*:*:*:*",
"matchCriteriaId": "901B1838-7169-41E5-80EF-29BB680BF937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.b:*:*:*:*:*:*:*",
"matchCriteriaId": "CDAEAA5F-0A98-48B7-8012-9B9909243135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.c:*:*:*:*:*:*:*",
"matchCriteriaId": "11DA4B03-2D30-4514-9DF5-5F0DDD4B8DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.d:*:*:*:*:*:*:*",
"matchCriteriaId": "CB38834B-E4AB-43F4-888B-14B088C95594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.f:*:*:*:*:*:*:*",
"matchCriteriaId": "23F8059B-3968-4D63-B1B3-74E545C918D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "701CDA0D-F932-4251-B484-8F20F0AE9003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.a:*:*:*:*:*:*:*",
"matchCriteriaId": "E674AA43-905E-40E0-A70F-77D05C62C18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.b:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0D767F-7142-46D2-B3E4-7FE8E9E3285A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "057A6BA0-5F5E-4FC4-B2EC-A17968EAC2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "645AB682-2965-4C8D-B323-AB510E424407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1\\(rel\\):*:*:*:*:*:*:*",
"matchCriteriaId": "76F7F019-A0A4-49CD-BB28-24BF7725AC89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "175CD875-3402-4B06-A3FA-7DFFCBB44056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF61B8A5-31E7-40F5-8B3D-CA90E50618AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9017BB-5848-4361-ABB9-C69FB3AB90FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\(rel\\):*:*:*:*:*:*:*",
"matchCriteriaId": "207034E8-35F7-4E78-A3FC-C86D20EB8D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C544E523-15E5-4CE5-8113-53454F5D9973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09F6EBD-C3FC-4680-BE31-A766D863237D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8C3FDA-D321-4202-A8EA-6C1464558A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B68705AB-A133-401F-9F41-64594E071816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9092680-E154-4EAB-A2D5-B692073F894E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF5F3FA-5FA4-408E-BA62-3943C5DFD859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFC9764-5BF5-449F-9200-5569C13F8309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "80709CB0-D386-4C4F-B3EE-7A0501FD7248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:*:*:*:*:*:*:*",
"matchCriteriaId": "36291ADE-3D5A-4E49-8BA7-B71CAAA226B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D953DA9F-B54E-4941-85BE-48933C98DB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "12E298AD-26AC-4E1D-83D8-5C2016CC6559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.5.b:*:*:*:*:*:*:*",
"matchCriteriaId": "B71DAF71-5763-44D8-AD1E-5ADE8BC15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.5.b:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA54782-93A8-47BE-863D-89CA3678BF6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.a:*:*:*:*:*:*:*",
"matchCriteriaId": "67F66A10-246D-447B-941F-F1175684F0D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.b:*:*:*:*:*:*:*",
"matchCriteriaId": "82435757-D892-4298-9176-5EC1FEC93037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A90348C-94E2-4F04-A887-E7EFFC1ACF12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1.f:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5E136E-9215-46A8-A40A-AE964C588A38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios:12.2sxd:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1DDD7C-7921-45D3-81F7-4D9A407CBB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3t:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C3B413-76F7-413B-A51F-29834F9DE722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3tpc:*:*:*:*:*:*:*",
"matchCriteriaId": "841CDC5F-8F0E-4AE7-A7A9-960E0A8C66B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3xd:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC2D158-6174-4AE8-83DA-125B072B6980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3xe:*:*:*:*:*:*:*",
"matchCriteriaId": "A5688D88-A550-43EB-8854-2E132EC71156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3xf:*:*:*:*:*:*:*",
"matchCriteriaId": "8218E2D3-4F1E-440F-A2B2-A68D4692BB17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3xg:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE2132D-CF21-49F1-BC66-FA6CDB6D72BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3xh:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E3044F-3CE8-4970-9A7F-FDF555F622A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3xi:*:*:*:*:*:*:*",
"matchCriteriaId": "AA212293-7BAF-4AD9-BD30-E953CBA7CB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3xj:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF3B2A9-027B-4141-B0FB-D31A2C918CF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3xk:*:*:*:*:*:*:*",
"matchCriteriaId": "1018E04C-5575-4D1A-B482-D1CDB9AD6A50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3xm:*:*:*:*:*:*:*",
"matchCriteriaId": "AB57AAA9-4715-468F-A734-A12209A6069F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3xq:*:*:*:*:*:*:*",
"matchCriteriaId": "86B9E611-3F06-424C-96EF-EE4997C70AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3xr:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A5760A-9FFE-4941-B2BD-7DD54B1E1B37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3xs:*:*:*:*:*:*:*",
"matchCriteriaId": "98FE195E-084B-4F4C-800D-850165DED48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3xu:*:*:*:*:*:*:*",
"matchCriteriaId": "FB74F350-37F8-48DF-924E-415E51932163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3xw:*:*:*:*:*:*:*",
"matchCriteriaId": "E618BF54-56DC-40FC-A515-3BFB4366F823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3xx:*:*:*:*:*:*:*",
"matchCriteriaId": "A1976E53-85A6-494F-B8AC-847E7988850C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3ya:*:*:*:*:*:*:*",
"matchCriteriaId": "320C5597-68BE-4899-9EBB-9B4DEE8EA7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3yd:*:*:*:*:*:*:*",
"matchCriteriaId": "520304A4-EB15-42A8-A402-8251A4D2076D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3yf:*:*:*:*:*:*:*",
"matchCriteriaId": "C46B66D6-1BF1-4DCA-868F-BADE3CB96063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3yg:*:*:*:*:*:*:*",
"matchCriteriaId": "CA88C064-898F-4C0D-A266-D7B3509C28A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3yh:*:*:*:*:*:*:*",
"matchCriteriaId": "139B1182-61A3-4F3D-9E29-758F27917646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3yi:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC3706F-B00A-405E-917E-7FD5217E0501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3yj:*:*:*:*:*:*:*",
"matchCriteriaId": "1B46199E-0DF1-4B3F-A29E-1A2FC016F0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3yk:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF4D0E3-8015-4D6F-8364-B6EEAAE67971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3ym:*:*:*:*:*:*:*",
"matchCriteriaId": "2595DCBA-E6F2-4551-A804-4DBB137F076B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3yq:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6DF12B-2A20-4AC5-8EC5-729008D87736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3ys:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF9D6B6-E51F-44FF-97E5-15E0C4E9C3D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3yt:*:*:*:*:*:*:*",
"matchCriteriaId": "A25C42FA-37F4-4B7F-AFCA-D7F081F58CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3yu:*:*:*:*:*:*:*",
"matchCriteriaId": "B0AB8F07-AF43-4202-9908-F9A1DF6FFC03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3yw:*:*:*:*:*:*:*",
"matchCriteriaId": "F8711A47-ABD5-40ED-847A-8D1663E3D819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.3yx:*:*:*:*:*:*:*",
"matchCriteriaId": "2958873B-A0AB-4EAF-A5CF-8423739FAB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4D8C72-E7BB-40BF-9AE5-622794D63E09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.4t:*:*:*:*:*:*:*",
"matchCriteriaId": "BEAD7398-D1B2-47FB-952D-8C3162D5A363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.4xa:*:*:*:*:*:*:*",
"matchCriteriaId": "99235FFB-4439-40B2-ADBD-B08E5DBBCCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.4xb:*:*:*:*:*:*:*",
"matchCriteriaId": "C1797E4E-E15C-4148-9B3D-4FF6D1D815AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85ED2D96-5CC9-4851-986A-C9ED5E2D96CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
"matchCriteriaId": "ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:pix_firewall:6.2.3_\\(110\\):*:*:*:*:*:*:*",
"matchCriteriaId": "900DC321-4CEF-4810-8247-B82FE93F48BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:pix_firewall:6.3.3_\\(133\\):*:*:*:*:*:*:*",
"matchCriteriaId": "422F8E64-2376-4E82-A1A2-916BFB7172AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F2ED90B-DDBA-49DE-AC78-20E7D77C8858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:mds_9000_san-os:1.3\\(3.33\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D7E572F2-64A1-4188-B8BF-56B7DAFAD2D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:mds_9000_san-os:1.3\\(4a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "994EF979-3A4A-4910-8CE7-C15BC0D05A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:mds_9000_san-os:2.0\\(0.86\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C92F3035-2D2A-475E-98A7-35FE965138A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "026A2C0D-AD93-49DC-AF72-8C12AD565B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "920FAF7C-2964-497B-B1F8-3B060AAB4C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D499F38-A34C-44D0-A061-C3AE08CF178B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63E564B5-A39F-4837-93B8-1331CD975D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.1\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1EEDB9DD-C862-4783-9F96-88836424B298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.1\\(6b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3BD36C4A-4B90-4012-B4A5-6081C413E302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C39A993C-5A36-4D3F-B8B6-9B3252713127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B1C4F7D5-DCD0-409C-86BF-A96A5253DF64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8198D129-76D0-4983-BFC4-8EC724FE1B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.2\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6BEECFAA-9DD5-4950-B9F1-CF8582225314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "49566EAC-05AF-4880-8000-351AF538E4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "23E9FBEE-3213-47FA-8CBA-C285533265FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.4\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "118CBF59-DAD8-468E-B279-F6359E4624F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.4\\(7.202\\):*:*:*:*:*:*:*",
"matchCriteriaId": "957E6F8F-6881-44DE-A687-9D1E0C13F6CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.4\\(8\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E56328FE-F499-4325-AFEC-45BFEAB7662D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AA2E425-904C-4070-8F5F-B81BCF3147F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "604CF950-5D4B-4DC6-819E-0528B22CB05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.1\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E12887E5-A2BB-4B1E-9621-2961458BCE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.1\\(4.206\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3B5BE2F7-687C-477B-818B-A102526DF36D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "999A0969-60EB-4B2E-A274-9F05D9F840E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "626E41D2-A5EF-493D-9486-3D9BC3793EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EBA31E4D-2215-4E4A-BCCC-B3D922CB752D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(3.210\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4F16AD2C-1CC1-43D9-A944-F67071B62E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A42FFBF7-9ADB-4F14-BED8-F2E53BEE7B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "25D16481-CA9A-4B4D-AC9D-3A4F0387FF19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(7\\):*:*:*:*:*:*:*",
"matchCriteriaId": "56E4588E-6C1F-4720-8082-0EF299435CB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(9\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D24E0E92-59D7-4B16-8B0D-2FD0EE821D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ED24C763-7558-4AC0-AE10-FDA3D3078D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4CC85ED3-B598-4A87-A2B8-8D3B52ECC2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1.200\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C84CE24E-4ED6-43D0-A234-FBD24D22A8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF84B9FE-7C6C-4578-A5A9-EF0D5EEEEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "72C3E2B4-3A36-44B5-90D3-1BF9FAD98579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58BE9C02-2A01-4F6F-A6BD-BC0173561E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C558CED8-8342-46CB-9F52-580B626D320E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0F85D19E-6C26-429D-B876-F34238B9DAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
"matchCriteriaId": "09063867-0E64-4630-B35B-4CCA348E4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78F98CD7-A352-483C-9968-8FB2627A7CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F97FE485-705F-4707-B6C6-0EF9E8A85D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E2B925E8-D2C2-4E8C-AC21-0C422245C482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9170562-872E-4C32-869C-B10FF35A925E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D0927A68-8BB2-4F03-8396-E9CACC158FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "559DDBA3-2AF4-4A0C-B219-6779BA931F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1.5\\(104\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F76AED68-8304-4BC6-9D98-64231B08A6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5226C9CC-6933-4F10-B426-B47782C606FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "757DAE9A-B25D-4B8A-A41B-66C2897B537E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5E3DC170-E279-4725-B9EE-6840B5685CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8091EDA9-BD18-47F7-8CEC-E086238647C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F867890-74A4-4892-B99A-27DB4603B873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CE05B514-F094-4632-B25B-973F976F6409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3392428D-1A85-4472-A276-C482A78E2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
"matchCriteriaId": "40954985-16E6-4F37-B014-6A55166AE093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0C097809-1FEF-4417-A201-42291CC29122",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
}
],
"id": "CVE-2005-3669",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-18T21:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/niscc/NISCC-273756/index.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17553"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015198"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015199"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015200"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015201"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015202"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/226364"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15401"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/niscc/NISCC-273756/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/226364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5226"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-2025
Vulnerability from fkie_nvd - Published: 2005-06-20 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm | Exploit, Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/13992 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2005/0822 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/13992 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/0822 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:vpn_3000_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24BE2649-D823-486B-8F6C-4B8128EC2795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A512328-2FD0-4B1D-9327-A13A0BCE9C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3020_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D50FE2-A4E6-4EF4-A91C-88FB0AF6CCB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6548F964-B8EE-4B39-87CF-99743D41C42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E08810E6-33B6-45FF-91C7-EED10DC023EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD1A1AC-980F-428E-8BAF-0FC821014868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "923949D1-06EC-462F-A3BC-FCAB448042A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.a:*:*:*:*:*:*:*",
"matchCriteriaId": "901B1838-7169-41E5-80EF-29BB680BF937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.b:*:*:*:*:*:*:*",
"matchCriteriaId": "CDAEAA5F-0A98-48B7-8012-9B9909243135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.c:*:*:*:*:*:*:*",
"matchCriteriaId": "11DA4B03-2D30-4514-9DF5-5F0DDD4B8DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.d:*:*:*:*:*:*:*",
"matchCriteriaId": "CB38834B-E4AB-43F4-888B-14B088C95594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.f:*:*:*:*:*:*:*",
"matchCriteriaId": "23F8059B-3968-4D63-B1B3-74E545C918D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "701CDA0D-F932-4251-B484-8F20F0AE9003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.a:*:*:*:*:*:*:*",
"matchCriteriaId": "E674AA43-905E-40E0-A70F-77D05C62C18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.b:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0D767F-7142-46D2-B3E4-7FE8E9E3285A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "057A6BA0-5F5E-4FC4-B2EC-A17968EAC2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1\\(rel\\):*:*:*:*:*:*:*",
"matchCriteriaId": "76F7F019-A0A4-49CD-BB28-24BF7725AC89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "175CD875-3402-4B06-A3FA-7DFFCBB44056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF61B8A5-31E7-40F5-8B3D-CA90E50618AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9017BB-5848-4361-ABB9-C69FB3AB90FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\(rel\\):*:*:*:*:*:*:*",
"matchCriteriaId": "207034E8-35F7-4E78-A3FC-C86D20EB8D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C544E523-15E5-4CE5-8113-53454F5D9973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09F6EBD-C3FC-4680-BE31-A766D863237D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8C3FDA-D321-4202-A8EA-6C1464558A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B68705AB-A133-401F-9F41-64594E071816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9092680-E154-4EAB-A2D5-B692073F894E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFC9764-5BF5-449F-9200-5569C13F8309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F12F2AAC-DB5B-4C28-86C5-F59490362E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "071F52AD-D59B-4673-BCBE-112B94D3EB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "80709CB0-D386-4C4F-B3EE-7A0501FD7248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.a:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AFAF42-B894-4D62-A9CF-3349A43191AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.b:*:*:*:*:*:*:*",
"matchCriteriaId": "ABE5BB7F-D8B4-441B-9F45-56F622EEAA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.c:*:*:*:*:*:*:*",
"matchCriteriaId": "8B87A7EC-DC23-4075-8C4A-2317FF34BDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.d:*:*:*:*:*:*:*",
"matchCriteriaId": "98AC18E3-D12B-489D-9D95-6C9210235FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.f:*:*:*:*:*:*:*",
"matchCriteriaId": "E9DB969E-8BE9-46E0-B8AA-5057E320F1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:*:*:*:*:*:*:*",
"matchCriteriaId": "36291ADE-3D5A-4E49-8BA7-B71CAAA226B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D953DA9F-B54E-4941-85BE-48933C98DB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "12E298AD-26AC-4E1D-83D8-5C2016CC6559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.5.b:*:*:*:*:*:*:*",
"matchCriteriaId": "B71DAF71-5763-44D8-AD1E-5ADE8BC15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B35B6FA9-E504-4CE3-B171-815291A812CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.5.b:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA54782-93A8-47BE-863D-89CA3678BF6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.a:*:*:*:*:*:*:*",
"matchCriteriaId": "67F66A10-246D-447B-941F-F1175684F0D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.b:*:*:*:*:*:*:*",
"matchCriteriaId": "82435757-D892-4298-9176-5EC1FEC93037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3005_concentrator_software:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17196F00-9D7A-4AF6-AE1E-EA2E450A8ABD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname."
}
],
"id": "CVE-2005-2025",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-06-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/13992"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/0822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/13992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/0822"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-0943
Vulnerability from fkie_nvd - Published: 2005-03-30 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A512328-2FD0-4B1D-9327-A13A0BCE9C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3020_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D50FE2-A4E6-4EF4-A91C-88FB0AF6CCB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6548F964-B8EE-4B39-87CF-99743D41C42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E08810E6-33B6-45FF-91C7-EED10DC023EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD1A1AC-980F-428E-8BAF-0FC821014868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "923949D1-06EC-462F-A3BC-FCAB448042A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.a:*:*:*:*:*:*:*",
"matchCriteriaId": "901B1838-7169-41E5-80EF-29BB680BF937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.b:*:*:*:*:*:*:*",
"matchCriteriaId": "CDAEAA5F-0A98-48B7-8012-9B9909243135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.c:*:*:*:*:*:*:*",
"matchCriteriaId": "11DA4B03-2D30-4514-9DF5-5F0DDD4B8DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.d:*:*:*:*:*:*:*",
"matchCriteriaId": "CB38834B-E4AB-43F4-888B-14B088C95594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.f:*:*:*:*:*:*:*",
"matchCriteriaId": "23F8059B-3968-4D63-B1B3-74E545C918D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "701CDA0D-F932-4251-B484-8F20F0AE9003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.a:*:*:*:*:*:*:*",
"matchCriteriaId": "E674AA43-905E-40E0-A70F-77D05C62C18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.b:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0D767F-7142-46D2-B3E4-7FE8E9E3285A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "057A6BA0-5F5E-4FC4-B2EC-A17968EAC2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "645AB682-2965-4C8D-B323-AB510E424407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1\\(rel\\):*:*:*:*:*:*:*",
"matchCriteriaId": "76F7F019-A0A4-49CD-BB28-24BF7725AC89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "175CD875-3402-4B06-A3FA-7DFFCBB44056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF61B8A5-31E7-40F5-8B3D-CA90E50618AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9017BB-5848-4361-ABB9-C69FB3AB90FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\(rel\\):*:*:*:*:*:*:*",
"matchCriteriaId": "207034E8-35F7-4E78-A3FC-C86D20EB8D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C544E523-15E5-4CE5-8113-53454F5D9973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09F6EBD-C3FC-4680-BE31-A766D863237D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8C3FDA-D321-4202-A8EA-6C1464558A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B68705AB-A133-401F-9F41-64594E071816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9092680-E154-4EAB-A2D5-B692073F894E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF5F3FA-5FA4-408E-BA62-3943C5DFD859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFC9764-5BF5-449F-9200-5569C13F8309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F12F2AAC-DB5B-4C28-86C5-F59490362E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "071F52AD-D59B-4673-BCBE-112B94D3EB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "80709CB0-D386-4C4F-B3EE-7A0501FD7248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.a:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AFAF42-B894-4D62-A9CF-3349A43191AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.b:*:*:*:*:*:*:*",
"matchCriteriaId": "ABE5BB7F-D8B4-441B-9F45-56F622EEAA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.c:*:*:*:*:*:*:*",
"matchCriteriaId": "8B87A7EC-DC23-4075-8C4A-2317FF34BDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.d:*:*:*:*:*:*:*",
"matchCriteriaId": "98AC18E3-D12B-489D-9D95-6C9210235FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.f:*:*:*:*:*:*:*",
"matchCriteriaId": "E9DB969E-8BE9-46E0-B8AA-5057E320F1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:*:*:*:*:*:*:*",
"matchCriteriaId": "36291ADE-3D5A-4E49-8BA7-B71CAAA226B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D953DA9F-B54E-4941-85BE-48933C98DB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "12E298AD-26AC-4E1D-83D8-5C2016CC6559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.5.b:*:*:*:*:*:*:*",
"matchCriteriaId": "B71DAF71-5763-44D8-AD1E-5ADE8BC15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B35B6FA9-E504-4CE3-B171-815291A812CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.5.b:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA54782-93A8-47BE-863D-89CA3678BF6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.a:*:*:*:*:*:*:*",
"matchCriteriaId": "67F66A10-246D-447B-941F-F1175684F0D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3005_concentrator_software:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17196F00-9D7A-4AF6-AE1E-EA2E450A8ABD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_3002_hardware_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12ECF578-84BF-4F41-9462-C09FA517F2A0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet."
}
],
"id": "CVE-2005-0943",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-03-30T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14784"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/12948"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/12948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19903"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2006-4313 (GCVE-0-2006-4313)
Vulnerability from cvelistv5 – Published: 2006-08-23 22:00 – Updated: 2024-08-07 19:06
VLAI?
Summary
Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3368",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3368"
},
{
"name": "28138",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28138"
},
{
"name": "1016737",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016737"
},
{
"name": "19680",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19680"
},
{
"name": "28139",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28139"
},
{
"name": "cisco-vpn-ftp-command-execute(28539)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28539"
},
{
"name": "20060823 Cisco VPN 3000 Concentrator FTP Management Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060823-vpn3k.shtml"
},
{
"name": "21617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21617"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-3368",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3368"
},
{
"name": "28138",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28138"
},
{
"name": "1016737",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016737"
},
{
"name": "19680",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19680"
},
{
"name": "28139",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28139"
},
{
"name": "cisco-vpn-ftp-command-execute(28539)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28539"
},
{
"name": "20060823 Cisco VPN 3000 Concentrator FTP Management Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060823-vpn3k.shtml"
},
{
"name": "21617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21617"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3368",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3368"
},
{
"name": "28138",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28138"
},
{
"name": "1016737",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016737"
},
{
"name": "19680",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19680"
},
{
"name": "28139",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28139"
},
{
"name": "cisco-vpn-ftp-command-execute(28539)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28539"
},
{
"name": "20060823 Cisco VPN 3000 Concentrator FTP Management Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060823-vpn3k.shtml"
},
{
"name": "21617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21617"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4313",
"datePublished": "2006-08-23T22:00:00",
"dateReserved": "2006-08-23T00:00:00",
"dateUpdated": "2024-08-07T19:06:07.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3906 (GCVE-0-2006-3906)
Vulnerability from cvelistv5 – Published: 2006-07-27 22:00 – Updated: 2024-08-07 18:48
VLAI?
Summary
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html"
},
{
"name": "19176",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19176"
},
{
"name": "20060726 Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/441203/100/0/threaded"
},
{
"name": "29068",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29068"
},
{
"name": "20060728 Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html"
},
{
"name": "oval:org.mitre.oval:def:5299",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5299"
},
{
"name": "1016582",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016582"
},
{
"name": "1293",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1293"
},
{
"name": "20060726 Internet Key Exchange Resource Exhaustion Attack",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html"
},
{
"name": "cisco-ike-resource-exhaustion-dos(27972)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27972"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html"
},
{
"name": "19176",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19176"
},
{
"name": "20060726 Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/441203/100/0/threaded"
},
{
"name": "29068",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29068"
},
{
"name": "20060728 Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html"
},
{
"name": "oval:org.mitre.oval:def:5299",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5299"
},
{
"name": "1016582",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016582"
},
{
"name": "1293",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1293"
},
{
"name": "20060726 Internet Key Exchange Resource Exhaustion Attack",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html"
},
{
"name": "cisco-ike-resource-exhaustion-dos(27972)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27972"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html",
"refsource": "MISC",
"url": "http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html"
},
{
"name": "19176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19176"
},
{
"name": "20060726 Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441203/100/0/threaded"
},
{
"name": "29068",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29068"
},
{
"name": "20060728 Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html"
},
{
"name": "oval:org.mitre.oval:def:5299",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5299"
},
{
"name": "1016582",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016582"
},
{
"name": "1293",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1293"
},
{
"name": "20060726 Internet Key Exchange Resource Exhaustion Attack",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html"
},
{
"name": "cisco-ike-resource-exhaustion-dos(27972)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27972"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3906",
"datePublished": "2006-07-27T22:00:00",
"dateReserved": "2006-07-27T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3073 (GCVE-0-2006-3073)
Vulnerability from cvelistv5 – Published: 2006-06-19 10:00 – Updated: 2024-08-07 18:16
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by the original researcher.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:05.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060608 SSL VPNs and security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436479/30/0/threaded"
},
{
"name": "20644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20644"
},
{
"name": "26454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26454"
},
{
"name": "26453",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26453"
},
{
"name": "ADV-2006-2331",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2331"
},
{
"name": "1016252",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016252"
},
{
"name": "18419",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18419"
},
{
"name": "cisco-webvpn-xss(27086)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27086"
},
{
"name": "20060613 WebVPN Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20060613-webvpn-xss.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that \"WebVPN full-network-access mode\" is not affected, despite the claims by the original researcher."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060608 SSL VPNs and security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436479/30/0/threaded"
},
{
"name": "20644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20644"
},
{
"name": "26454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26454"
},
{
"name": "26453",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26453"
},
{
"name": "ADV-2006-2331",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2331"
},
{
"name": "1016252",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016252"
},
{
"name": "18419",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18419"
},
{
"name": "cisco-webvpn-xss(27086)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27086"
},
{
"name": "20060613 WebVPN Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20060613-webvpn-xss.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that \"WebVPN full-network-access mode\" is not affected, despite the claims by the original researcher."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060608 SSL VPNs and security",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436479/30/0/threaded"
},
{
"name": "20644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20644"
},
{
"name": "26454",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26454"
},
{
"name": "26453",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26453"
},
{
"name": "ADV-2006-2331",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2331"
},
{
"name": "1016252",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016252"
},
{
"name": "18419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18419"
},
{
"name": "cisco-webvpn-xss(27086)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27086"
},
{
"name": "20060613 WebVPN Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20060613-webvpn-xss.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3073",
"datePublished": "2006-06-19T10:00:00",
"dateReserved": "2006-06-19T00:00:00",
"dateUpdated": "2024-08-07T18:16:05.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0483 (GCVE-0-2006-0483)
Vulnerability from cvelistv5 – Published: 2006-01-31 20:00 – Updated: 2024-08-07 16:34
VLAI?
Summary
Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18629"
},
{
"name": "cisco-vpn-http-dos(24330)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24330"
},
{
"name": "16394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16394"
},
{
"name": "20060126 Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml"
},
{
"name": "1015546",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015546"
},
{
"name": "22754",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22754"
},
{
"name": "ADV-2006-0346",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0346"
},
{
"name": "375",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/375"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18629"
},
{
"name": "cisco-vpn-http-dos(24330)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24330"
},
{
"name": "16394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16394"
},
{
"name": "20060126 Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml"
},
{
"name": "1015546",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015546"
},
{
"name": "22754",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22754"
},
{
"name": "ADV-2006-0346",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0346"
},
{
"name": "375",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/375"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18629"
},
{
"name": "cisco-vpn-http-dos(24330)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24330"
},
{
"name": "16394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16394"
},
{
"name": "20060126 Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml"
},
{
"name": "1015546",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015546"
},
{
"name": "22754",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22754"
},
{
"name": "ADV-2006-0346",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0346"
},
{
"name": "375",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/375"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0483",
"datePublished": "2006-01-31T20:00:00",
"dateReserved": "2006-01-31T00:00:00",
"dateUpdated": "2024-08-07T16:34:14.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4499 (GCVE-0-2005-4499)
Vulnerability from cvelistv5 – Published: 2005-12-22 11:00 – Updated: 2024-08-07 23:46
VLAI?
Summary
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20051221 Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
},
{
"name": "16025",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16025"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
},
{
"name": "22193",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22193"
},
{
"name": "20051222 Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
},
{
"name": "18141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18141"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20051221 Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
},
{
"name": "16025",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16025"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
},
{
"name": "22193",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22193"
},
{
"name": "20051222 Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
},
{
"name": "18141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18141"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051221 Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
},
{
"name": "16025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16025"
},
{
"name": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml",
"refsource": "MISC",
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
},
{
"name": "22193",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22193"
},
{
"name": "20051222 Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
},
{
"name": "18141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18141"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4499",
"datePublished": "2005-12-22T11:00:00",
"dateReserved": "2005-12-22T00:00:00",
"dateUpdated": "2024-08-07T23:46:05.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3669 (GCVE-0-2005-3669)
Vulnerability from cvelistv5 – Published: 2005-11-18 21:00 – Updated: 2024-08-07 23:17
VLAI?
Summary
Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015200",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015200"
},
{
"name": "1015202",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/niscc/NISCC-273756/index.html"
},
{
"name": "1015201",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015201"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
},
{
"name": "15401",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15401"
},
{
"name": "VU#226364",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/226364"
},
{
"name": "1015199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015199"
},
{
"name": "oval:org.mitre.oval:def:5226",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5226"
},
{
"name": "1015198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015198"
},
{
"name": "20051114 Multiple Vulnerabilities Found by PROTOS IPSec Test Suite",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml"
},
{
"name": "17553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17553"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015200",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015200"
},
{
"name": "1015202",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/niscc/NISCC-273756/index.html"
},
{
"name": "1015201",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015201"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
},
{
"name": "15401",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15401"
},
{
"name": "VU#226364",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/226364"
},
{
"name": "1015199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015199"
},
{
"name": "oval:org.mitre.oval:def:5226",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5226"
},
{
"name": "1015198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015198"
},
{
"name": "20051114 Multiple Vulnerabilities Found by PROTOS IPSec Test Suite",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml"
},
{
"name": "17553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17553"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015200",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015200"
},
{
"name": "1015202",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015202"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en"
},
{
"name": "http://jvn.jp/niscc/NISCC-273756/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/niscc/NISCC-273756/index.html"
},
{
"name": "1015201",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015201"
},
{
"name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/",
"refsource": "MISC",
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
},
{
"name": "15401",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15401"
},
{
"name": "VU#226364",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/226364"
},
{
"name": "1015199",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015199"
},
{
"name": "oval:org.mitre.oval:def:5226",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5226"
},
{
"name": "1015198",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015198"
},
{
"name": "20051114 Multiple Vulnerabilities Found by PROTOS IPSec Test Suite",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml"
},
{
"name": "17553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17553"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3669",
"datePublished": "2005-11-18T21:00:00",
"dateReserved": "2005-11-18T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2025 (GCVE-0-2005-2025)
Vulnerability from cvelistv5 – Published: 2005-06-21 04:00 – Updated: 2024-08-07 22:15
VLAI?
Summary
Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:36.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm"
},
{
"name": "13992",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13992"
},
{
"name": "ADV-2005-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0822"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm"
},
{
"name": "13992",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13992"
},
{
"name": "ADV-2005-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0822"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm",
"refsource": "MISC",
"url": "http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm"
},
{
"name": "13992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13992"
},
{
"name": "ADV-2005-0822",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0822"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2025",
"datePublished": "2005-06-21T04:00:00",
"dateReserved": "2005-06-21T00:00:00",
"dateUpdated": "2024-08-07T22:15:36.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0943 (GCVE-0-2005-0943)
Vulnerability from cvelistv5 – Published: 2005-04-03 05:00 – Updated: 2024-08-07 21:28
VLAI?
Summary
Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:29.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050330 Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml"
},
{
"name": "12948",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12948"
},
{
"name": "14784",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14784"
},
{
"name": "cisco-vpn-3000-dos(19903)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19903"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050330 Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml"
},
{
"name": "12948",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12948"
},
{
"name": "14784",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14784"
},
{
"name": "cisco-vpn-3000-dos(19903)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19903"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050330 Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml"
},
{
"name": "12948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12948"
},
{
"name": "14784",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14784"
},
{
"name": "cisco-vpn-3000-dos(19903)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19903"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0943",
"datePublished": "2005-04-03T05:00:00",
"dateReserved": "2005-04-03T00:00:00",
"dateUpdated": "2024-08-07T21:28:29.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1102 (GCVE-0-2002-1102)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:12
VLAI?
Summary
The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.4, allows remote attackers to cause a denial of service via an incoming LAN-to-LAN connection with an existing security association with another device on the remote network, which causes the concentrator to remove the previous connection.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "cisco-vpn-lan-connection-dos(10027)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10027"
},
{
"name": "5622",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5622"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.4, allows remote attackers to cause a denial of service via an incoming LAN-to-LAN connection with an existing security association with another device on the remote network, which causes the concentrator to remove the previous connection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-07-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "cisco-vpn-lan-connection-dos(10027)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10027"
},
{
"name": "5622",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5622"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.4, allows remote attackers to cause a denial of service via an incoming LAN-to-LAN connection with an existing security association with another device on the remote network, which causes the concentrator to remove the previous connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "cisco-vpn-lan-connection-dos(10027)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10027"
},
{
"name": "5622",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5622"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1102",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1099 (GCVE-0-2002-1099)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:12
VLAI?
Summary
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "5616",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5616"
},
{
"name": "cisco-vpn-web-access(10024)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10024.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-01-10T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "5616",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5616"
},
{
"name": "cisco-vpn-web-access(10024)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10024.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "5616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5616"
},
{
"name": "cisco-vpn-web-access(10024)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10024.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1099",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1093 (GCVE-0-2002-1093)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:12
VLAI?
Summary
HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "5615",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5615"
},
{
"name": "cisco-vpn-html-parser-dos(10018)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10018.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-01-10T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "5615",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5615"
},
{
"name": "cisco-vpn-html-parser-dos(10018)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10018.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "5615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5615"
},
{
"name": "cisco-vpn-html-parser-dos(10018)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10018.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1093",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4313 (GCVE-0-2006-4313)
Vulnerability from nvd – Published: 2006-08-23 22:00 – Updated: 2024-08-07 19:06
VLAI?
Summary
Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3368",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3368"
},
{
"name": "28138",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28138"
},
{
"name": "1016737",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016737"
},
{
"name": "19680",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19680"
},
{
"name": "28139",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28139"
},
{
"name": "cisco-vpn-ftp-command-execute(28539)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28539"
},
{
"name": "20060823 Cisco VPN 3000 Concentrator FTP Management Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060823-vpn3k.shtml"
},
{
"name": "21617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21617"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-3368",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3368"
},
{
"name": "28138",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28138"
},
{
"name": "1016737",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016737"
},
{
"name": "19680",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19680"
},
{
"name": "28139",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28139"
},
{
"name": "cisco-vpn-ftp-command-execute(28539)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28539"
},
{
"name": "20060823 Cisco VPN 3000 Concentrator FTP Management Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060823-vpn3k.shtml"
},
{
"name": "21617",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21617"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3368",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3368"
},
{
"name": "28138",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28138"
},
{
"name": "1016737",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016737"
},
{
"name": "19680",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19680"
},
{
"name": "28139",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28139"
},
{
"name": "cisco-vpn-ftp-command-execute(28539)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28539"
},
{
"name": "20060823 Cisco VPN 3000 Concentrator FTP Management Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060823-vpn3k.shtml"
},
{
"name": "21617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21617"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4313",
"datePublished": "2006-08-23T22:00:00",
"dateReserved": "2006-08-23T00:00:00",
"dateUpdated": "2024-08-07T19:06:07.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3906 (GCVE-0-2006-3906)
Vulnerability from nvd – Published: 2006-07-27 22:00 – Updated: 2024-08-07 18:48
VLAI?
Summary
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html"
},
{
"name": "19176",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19176"
},
{
"name": "20060726 Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/441203/100/0/threaded"
},
{
"name": "29068",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29068"
},
{
"name": "20060728 Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html"
},
{
"name": "oval:org.mitre.oval:def:5299",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5299"
},
{
"name": "1016582",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016582"
},
{
"name": "1293",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1293"
},
{
"name": "20060726 Internet Key Exchange Resource Exhaustion Attack",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html"
},
{
"name": "cisco-ike-resource-exhaustion-dos(27972)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27972"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html"
},
{
"name": "19176",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19176"
},
{
"name": "20060726 Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/441203/100/0/threaded"
},
{
"name": "29068",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29068"
},
{
"name": "20060728 Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html"
},
{
"name": "oval:org.mitre.oval:def:5299",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5299"
},
{
"name": "1016582",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016582"
},
{
"name": "1293",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1293"
},
{
"name": "20060726 Internet Key Exchange Resource Exhaustion Attack",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html"
},
{
"name": "cisco-ike-resource-exhaustion-dos(27972)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27972"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html",
"refsource": "MISC",
"url": "http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html"
},
{
"name": "19176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19176"
},
{
"name": "20060726 Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441203/100/0/threaded"
},
{
"name": "29068",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29068"
},
{
"name": "20060728 Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html"
},
{
"name": "oval:org.mitre.oval:def:5299",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5299"
},
{
"name": "1016582",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016582"
},
{
"name": "1293",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1293"
},
{
"name": "20060726 Internet Key Exchange Resource Exhaustion Attack",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html"
},
{
"name": "cisco-ike-resource-exhaustion-dos(27972)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27972"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3906",
"datePublished": "2006-07-27T22:00:00",
"dateReserved": "2006-07-27T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3073 (GCVE-0-2006-3073)
Vulnerability from nvd – Published: 2006-06-19 10:00 – Updated: 2024-08-07 18:16
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by the original researcher.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:05.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060608 SSL VPNs and security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436479/30/0/threaded"
},
{
"name": "20644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20644"
},
{
"name": "26454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26454"
},
{
"name": "26453",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26453"
},
{
"name": "ADV-2006-2331",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2331"
},
{
"name": "1016252",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016252"
},
{
"name": "18419",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18419"
},
{
"name": "cisco-webvpn-xss(27086)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27086"
},
{
"name": "20060613 WebVPN Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20060613-webvpn-xss.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that \"WebVPN full-network-access mode\" is not affected, despite the claims by the original researcher."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060608 SSL VPNs and security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436479/30/0/threaded"
},
{
"name": "20644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20644"
},
{
"name": "26454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26454"
},
{
"name": "26453",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26453"
},
{
"name": "ADV-2006-2331",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2331"
},
{
"name": "1016252",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016252"
},
{
"name": "18419",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18419"
},
{
"name": "cisco-webvpn-xss(27086)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27086"
},
{
"name": "20060613 WebVPN Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20060613-webvpn-xss.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that \"WebVPN full-network-access mode\" is not affected, despite the claims by the original researcher."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060608 SSL VPNs and security",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436479/30/0/threaded"
},
{
"name": "20644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20644"
},
{
"name": "26454",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26454"
},
{
"name": "26453",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26453"
},
{
"name": "ADV-2006-2331",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2331"
},
{
"name": "1016252",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016252"
},
{
"name": "18419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18419"
},
{
"name": "cisco-webvpn-xss(27086)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27086"
},
{
"name": "20060613 WebVPN Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20060613-webvpn-xss.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3073",
"datePublished": "2006-06-19T10:00:00",
"dateReserved": "2006-06-19T00:00:00",
"dateUpdated": "2024-08-07T18:16:05.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0483 (GCVE-0-2006-0483)
Vulnerability from nvd – Published: 2006-01-31 20:00 – Updated: 2024-08-07 16:34
VLAI?
Summary
Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18629"
},
{
"name": "cisco-vpn-http-dos(24330)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24330"
},
{
"name": "16394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16394"
},
{
"name": "20060126 Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml"
},
{
"name": "1015546",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015546"
},
{
"name": "22754",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22754"
},
{
"name": "ADV-2006-0346",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0346"
},
{
"name": "375",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/375"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18629"
},
{
"name": "cisco-vpn-http-dos(24330)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24330"
},
{
"name": "16394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16394"
},
{
"name": "20060126 Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml"
},
{
"name": "1015546",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015546"
},
{
"name": "22754",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22754"
},
{
"name": "ADV-2006-0346",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0346"
},
{
"name": "375",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/375"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18629"
},
{
"name": "cisco-vpn-http-dos(24330)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24330"
},
{
"name": "16394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16394"
},
{
"name": "20060126 Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml"
},
{
"name": "1015546",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015546"
},
{
"name": "22754",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22754"
},
{
"name": "ADV-2006-0346",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0346"
},
{
"name": "375",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/375"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0483",
"datePublished": "2006-01-31T20:00:00",
"dateReserved": "2006-01-31T00:00:00",
"dateUpdated": "2024-08-07T16:34:14.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4499 (GCVE-0-2005-4499)
Vulnerability from nvd – Published: 2005-12-22 11:00 – Updated: 2024-08-07 23:46
VLAI?
Summary
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20051221 Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
},
{
"name": "16025",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16025"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
},
{
"name": "22193",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22193"
},
{
"name": "20051222 Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
},
{
"name": "18141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18141"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20051221 Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
},
{
"name": "16025",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16025"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
},
{
"name": "22193",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22193"
},
{
"name": "20051222 Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
},
{
"name": "18141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18141"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051221 Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
},
{
"name": "16025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16025"
},
{
"name": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml",
"refsource": "MISC",
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
},
{
"name": "22193",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22193"
},
{
"name": "20051222 Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
},
{
"name": "18141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18141"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4499",
"datePublished": "2005-12-22T11:00:00",
"dateReserved": "2005-12-22T00:00:00",
"dateUpdated": "2024-08-07T23:46:05.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3669 (GCVE-0-2005-3669)
Vulnerability from nvd – Published: 2005-11-18 21:00 – Updated: 2024-08-07 23:17
VLAI?
Summary
Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015200",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015200"
},
{
"name": "1015202",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/niscc/NISCC-273756/index.html"
},
{
"name": "1015201",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015201"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
},
{
"name": "15401",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15401"
},
{
"name": "VU#226364",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/226364"
},
{
"name": "1015199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015199"
},
{
"name": "oval:org.mitre.oval:def:5226",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5226"
},
{
"name": "1015198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015198"
},
{
"name": "20051114 Multiple Vulnerabilities Found by PROTOS IPSec Test Suite",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml"
},
{
"name": "17553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17553"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015200",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015200"
},
{
"name": "1015202",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/niscc/NISCC-273756/index.html"
},
{
"name": "1015201",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015201"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
},
{
"name": "15401",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15401"
},
{
"name": "VU#226364",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/226364"
},
{
"name": "1015199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015199"
},
{
"name": "oval:org.mitre.oval:def:5226",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5226"
},
{
"name": "1015198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015198"
},
{
"name": "20051114 Multiple Vulnerabilities Found by PROTOS IPSec Test Suite",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml"
},
{
"name": "17553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17553"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015200",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015200"
},
{
"name": "1015202",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015202"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en"
},
{
"name": "http://jvn.jp/niscc/NISCC-273756/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/niscc/NISCC-273756/index.html"
},
{
"name": "1015201",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015201"
},
{
"name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/",
"refsource": "MISC",
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
},
{
"name": "15401",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15401"
},
{
"name": "VU#226364",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/226364"
},
{
"name": "1015199",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015199"
},
{
"name": "oval:org.mitre.oval:def:5226",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5226"
},
{
"name": "1015198",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015198"
},
{
"name": "20051114 Multiple Vulnerabilities Found by PROTOS IPSec Test Suite",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml"
},
{
"name": "17553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17553"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3669",
"datePublished": "2005-11-18T21:00:00",
"dateReserved": "2005-11-18T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2025 (GCVE-0-2005-2025)
Vulnerability from nvd – Published: 2005-06-21 04:00 – Updated: 2024-08-07 22:15
VLAI?
Summary
Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:36.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm"
},
{
"name": "13992",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13992"
},
{
"name": "ADV-2005-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0822"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm"
},
{
"name": "13992",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13992"
},
{
"name": "ADV-2005-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0822"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm",
"refsource": "MISC",
"url": "http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm"
},
{
"name": "13992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13992"
},
{
"name": "ADV-2005-0822",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0822"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2025",
"datePublished": "2005-06-21T04:00:00",
"dateReserved": "2005-06-21T00:00:00",
"dateUpdated": "2024-08-07T22:15:36.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0943 (GCVE-0-2005-0943)
Vulnerability from nvd – Published: 2005-04-03 05:00 – Updated: 2024-08-07 21:28
VLAI?
Summary
Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:29.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050330 Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml"
},
{
"name": "12948",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12948"
},
{
"name": "14784",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14784"
},
{
"name": "cisco-vpn-3000-dos(19903)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19903"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050330 Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml"
},
{
"name": "12948",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12948"
},
{
"name": "14784",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14784"
},
{
"name": "cisco-vpn-3000-dos(19903)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19903"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050330 Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml"
},
{
"name": "12948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12948"
},
{
"name": "14784",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14784"
},
{
"name": "cisco-vpn-3000-dos(19903)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19903"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0943",
"datePublished": "2005-04-03T05:00:00",
"dateReserved": "2005-04-03T00:00:00",
"dateUpdated": "2024-08-07T21:28:29.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1102 (GCVE-0-2002-1102)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:12
VLAI?
Summary
The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.4, allows remote attackers to cause a denial of service via an incoming LAN-to-LAN connection with an existing security association with another device on the remote network, which causes the concentrator to remove the previous connection.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "cisco-vpn-lan-connection-dos(10027)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10027"
},
{
"name": "5622",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5622"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.4, allows remote attackers to cause a denial of service via an incoming LAN-to-LAN connection with an existing security association with another device on the remote network, which causes the concentrator to remove the previous connection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-07-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "cisco-vpn-lan-connection-dos(10027)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10027"
},
{
"name": "5622",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5622"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.4, allows remote attackers to cause a denial of service via an incoming LAN-to-LAN connection with an existing security association with another device on the remote network, which causes the concentrator to remove the previous connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "cisco-vpn-lan-connection-dos(10027)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10027"
},
{
"name": "5622",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5622"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1102",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1099 (GCVE-0-2002-1099)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:12
VLAI?
Summary
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "5616",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5616"
},
{
"name": "cisco-vpn-web-access(10024)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10024.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-01-10T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "5616",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5616"
},
{
"name": "cisco-vpn-web-access(10024)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10024.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "5616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5616"
},
{
"name": "cisco-vpn-web-access(10024)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10024.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1099",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1093 (GCVE-0-2002-1093)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:12
VLAI?
Summary
HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "5615",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5615"
},
{
"name": "cisco-vpn-html-parser-dos(10018)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10018.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-01-10T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "5615",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5615"
},
{
"name": "cisco-vpn-html-parser-dos(10018)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10018.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "5615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5615"
},
{
"name": "cisco-vpn-html-parser-dos(10018)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10018.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1093",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}