VAR-200605-0093
Vulnerability from variot - Updated: 2023-12-18 13:05The transparent proxy feature of the Cisco Application Velocity System (AVS) 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143. This software fails to allow only valid TCP ports to be used by remote users. Remote attackers may use the affected software as an open TCP proxy. Attackers have exploited this to send unsolicited commercial email (UCE). Versions of AVS prior to 5.0.1 are vulnerable to this issue.
The problem is caused due to insecure default settings allowing anyone to use the device as an open relay to any TCP service able to process data embedded in HTTP POST requests.
The security issue affects the following products: * AVS 3110 versions 4.0 and 5.0 (and prior) * AVS 3120 version 5.0.0 (and prior)
NOTE: According to Cisco PSIRT, the security issue is actively exploited to send unsolicited commercial e-mails and obscure the true originator.
SOLUTION: Update to version 5.0.1.
Software for AVS 3110: http://www.cisco.com/pcgi-bin/tablebuild.pl/AVS3110-5.0.1
Software for AVS 3120: http://www.cisco.com/pcgi-bin/tablebuild.pl/AVS3120-5.0.1
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060510-avs.shtml
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200605-0093",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "application velocity system 3110",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "application velocity system 3110",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "application velocity system 3120",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "application velocity system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "31205.0"
},
{
"model": "application velocity system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "31105.0"
},
{
"model": "application velocity system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "31104.0"
},
{
"model": "application velocity system",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "31205.0.1"
},
{
"model": "application velocity system",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "31105.0.1"
}
],
"sources": [
{
"db": "BID",
"id": "17937"
},
{
"db": "NVD",
"id": "CVE-2006-2322"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-223"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:application_velocity_system_3110:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:application_velocity_system_3110:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:application_velocity_system_3120:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2322"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor disclosed this issue.",
"sources": [
{
"db": "BID",
"id": "17937"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-223"
}
],
"trust": 0.9
},
"cve": "CVE-2006-2322",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-18430",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-2322",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200605-223",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-18430",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18430"
},
{
"db": "NVD",
"id": "CVE-2006-2322"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-223"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The transparent proxy feature of the Cisco Application Velocity System (AVS) 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143. This software fails to allow only valid TCP ports to be used by remote users. \nRemote attackers may use the affected software as an open TCP proxy. Attackers have exploited this to send unsolicited commercial email (UCE). \nVersions of AVS prior to 5.0.1 are vulnerable to this issue. \n\nThe problem is caused due to insecure default settings allowing\nanyone to use the device as an open relay to any TCP service able to\nprocess data embedded in HTTP POST requests. \n\nThe security issue affects the following products:\n* AVS 3110 versions 4.0 and 5.0 (and prior)\n* AVS 3120 version 5.0.0 (and prior)\n\nNOTE: According to Cisco PSIRT, the security issue is actively\nexploited to send unsolicited commercial e-mails and obscure the true\noriginator. \n\nSOLUTION:\nUpdate to version 5.0.1. \n\nSoftware for AVS 3110:\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/AVS3110-5.0.1\n\nSoftware for AVS 3120:\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/AVS3120-5.0.1\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20060510-avs.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2322"
},
{
"db": "BID",
"id": "17937"
},
{
"db": "VULHUB",
"id": "VHN-18430"
},
{
"db": "PACKETSTORM",
"id": "46249"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "17937",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "20079",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1016056",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-1762",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "25459",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2006-2322",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200605-223",
"trust": 0.7
},
{
"db": "XF",
"id": "26351",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20060510 AVS TCP RELAY VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-18430",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "46249",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18430"
},
{
"db": "BID",
"id": "17937"
},
{
"db": "PACKETSTORM",
"id": "46249"
},
{
"db": "NVD",
"id": "CVE-2006-2322"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-223"
}
]
},
"id": "VAR-200605-0093",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-18430"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:05:16.432000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2322"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060510-avs.shtml"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/17937"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/25459"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016056"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/20079"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/1762"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26351"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/1762"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/26351"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/ps6492/index.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/20079/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/avs3110-5.0.1"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/9889/"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/avs3120-5.0.1"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/9890/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18430"
},
{
"db": "BID",
"id": "17937"
},
{
"db": "PACKETSTORM",
"id": "46249"
},
{
"db": "NVD",
"id": "CVE-2006-2322"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-223"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-18430"
},
{
"db": "BID",
"id": "17937"
},
{
"db": "PACKETSTORM",
"id": "46249"
},
{
"db": "NVD",
"id": "CVE-2006-2322"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-223"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-18430"
},
{
"date": "2006-05-10T00:00:00",
"db": "BID",
"id": "17937"
},
{
"date": "2006-05-17T05:39:52",
"db": "PACKETSTORM",
"id": "46249"
},
{
"date": "2006-05-12T00:02:00",
"db": "NVD",
"id": "CVE-2006-2322"
},
{
"date": "2006-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200605-223"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-18430"
},
{
"date": "2006-05-15T17:59:00",
"db": "BID",
"id": "17937"
},
{
"date": "2017-07-20T01:31:22.507000",
"db": "NVD",
"id": "CVE-2006-2322"
},
{
"date": "2006-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200605-223"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-223"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Application Velocity System Open TCP Proxy server function default allocation Input validation vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-223"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-223"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…