CVE-2006-0483 |
Published: 2006-01-31 15:03:00 |
Last revised: 2017-07-19 21:29:48 |
NMCO |
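[Original] Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet.
[CNNVD] Cisco VPN 3000 Concentrator Malformed HTTP/TCP Packet Denial of Service Vulnerability (CNNVD-200601-387)
Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow a remote attacker to cause a denial of service (device reload or user disconnect) via a specially crafted HTTP packet.
- CVSS (base score)
CVSS score: | 7.8 | [Severe (HIGH)] |
Confidentiality impact: | [--] | |
Integrity impact: | [--] | |
Availability impact: | [--] | |
Attack complexity: | [--] | |
Attack vector: | [--] | |
Authentication: | [--] |
- CPE (affected platforms and products)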
cpe:/o:cisco:vpn_3060_concentrator:4.7 | |
cpe:/o:cisco:vpn_3080_concentrator:4.7%28rel%29 | |
cpe:/o:cisco:vpn_3020_concentrator:4.7.1 | |
cpe:/o:cisco:vpn_3015_concentrator:4.7.2.a | |
cpe:/o:cisco:vpn_3020_concentrator:4.7.2 | |
cpe:/o:cisco:vpn_3060_concentrator:4.7%28rel%29 | |
cpe:/o:cisco:vpn_3030_concentator:4.7.1.f | Cisco VPN 3030 Concentator 4.7.1 F |
cpe:/o:cisco:vpn_3005_concentrator:4.7.2 | |
cpe:/o:cisco:vpn_3060_concentrator:4.7.1.f | |
cpe:/o:cisco:vpn_3005_concentrator:4.7.1 | |
cpe:/o:cisco:vpn_3080_concentrator:4.7.1.f | |
cpe:/o:cisco:vpn_3030_concentator:4.7%28rel%29 | Cisco VPN 3030 Concentator 4.7 REL |
cpe:/o:cisco:vpn_3015_concentrator:4.7 | |
cpe:/o:cisco:vpn_3015_concentrator:4.7.2 | |
cpe:/o:cisco:vpn_3005_concentrator:4.7%28rel%29 | |
cpe:/o:cisco:vpn_3005_concentrator:4.7.1.f | |
cpe:/o:cisco:vpn_3015_concentrator:4.7.1 | |
cpe:/o:cisco:vpn_3080_concentrator:4.7.1 | |
cpe:/o:cisco:vpn_3060_concentrator:4.7.2 | |
cpe:/o:cisco:vpn_3020_concentrator:4.7%28rel%29 | |
cpe:/o:cisco:vpn_3020_concentrator:4.7.1.f | |
cpe:/o:cisco:vpn_3005_concentrator:4.7 | |
cpe:/o:cisco:vpn_3005_concentrator:4.7.2.a | |
cpe:/o:cisco:vpn_3020_concentrator:4.7 | |
cpe:/o:cisco:vpn_3015_concentrator:4.7.1.f | |
cpe:/o:cisco:vpn_3080_concentrator:4.7.2.a | |
cpe:/o:cisco:vpn_3020_concentrator:4.7.2.a | |
cpe:/o:cisco:vpn_3015_concentrator:4.7%28rel%29 | |
cpe:/o:cisco:vpn_3060_concentrator:4.7.2.a | |
cpe:/o:cisco:vpn_3030_concentator:4.7.1 | Cisco VPN 3030 Concentator 4.7.1 |
cpe:/o:cisco:vpn_3030_concentator:4.7.2 | Cisco VPN 3030 Concentator 4.7.2 |
cpe:/o:cisco:vpn_3030_concentator:4.7 | Cisco VPN 3030 Concentator 4.7 |
cpe:/o:cisco:vpn_3030_concentator:4.7.2.a | Cisco VPN 3030 Concentator 4.7.2 A |
cpe:/o:cisco:vpn_3060_concentrator:4.7.1 | |
cpe:/o:cisco:vpn_3080_concentrator:4.7 |
- OVAL (technical details for detection)
No related OVAL definitions found |
- Official database links
- Other links and resources
http://securityreason.com/securityalert/375 (UNKNOWN) SREASON 375 |
http://securitytracker.com/id?1015546 (UNKNOWN) SECTRACK 1015546 |
http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml (VENDOR_ADVISORY) CISCO 20060126 Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack |
http://www.securityfocus.com/bid/16394 (UNKNOWN) BID 16394 |
http://www.vupen.com/english/advisories/2006/0346 (UNKNOWN) VUPEN ADV-2006-0346 |
https://exchange.xforce.ibmcloud.com/vulnerabilities/24330 (UNKNOWN) XF cisco-vpn-http-dos(24330) |
- Vulnerability information
Cisco VPN 3000 Concentrator Malformed HTTP/TCP Packet Denial of Service Vulnerability | |
High risk | Other |
2006-01-31 00:00:00 | 2006-02-13 00:00:00 |
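Remote | |
Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow a remote attacker to cause a denial of service (device reload or user disconnect) via a specially crafted HTTP packet. |
- Advisories and patches
The vendor has released an upgrade patch that fixes this security issue and has published the related updates. |
- Vulnerability information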
22754 | |
Cisco VPN 3000 Concentrator Crafted HTTP Packet DoS | |
Remote / Network Access | Denial of Service |
Loss of Availability | Upgrade |
Exploit Unknown | Vendor Verified |
- Vulnerability description
Cisco VPN Concentrator 3000 contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted HTTP packet is sent to the service, which will lead to the device being rebooted. This will result in loss of availability for the platform. |
- Timeline
2006-01-26 | Unknown |
Unknown | Unknown |
- Solution
Cisco recommends customers upgrade to version 4.7.2.B or higher to fix this vulnerability. However, additional testing by Eldon Sprickerhoff indicates this firmware revision is vulnerable as well. As a workaround, administrators can disable the HTTP service, which is enabled by default. |
- Related references