[ISN] Cisco Warns of Flaws in VPN 3000 Series

From: InfoSec News (isnat_private)
Date: Tue Sep 03 2002 - 23:53:36 PDT

Next message: InfoSec News: "[ISN] Windows flaw could be used to forge digital signatures in Outlook"

Previous message: InfoSec News: "[ISN] Beware PayPal's‘"Virtual" Loophole"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.eweek.com/article2/0,3959,509720,00.asp

September 3, 2002 
By Dennis Fisher 

Cisco Systems Inc. on Tuesday released a bulletin detailing more than
a dozen security vulnerabilities in its popular 3000 series of VPN
concentrators.

The effects of the vulnerabilities range from denials of service to
password disclosure to illicit network access. All of the 3000 series
concentrators and the Cisco VPN 3002 Hardware Client are affected by
the flaws.

The most serious problem enables some restricted-access administrative
users to see the administrative password by viewing the source code of
HTML pages containing the password. A separate vulnerability enables
administrators to see the unencrypted certificate password for the
concentrator by viewing the HTML source code.

There is also a flaw that effectively allows any protocol traffic to
access any port on the concentrator. When an administrator enables the
XML filter configuration, the concentrator automatically adds a rule
to the public filter that requires HTTPS for public inbound traffic.  
The rule mistakenly sets the protocol value to "any" and the value for
the destination port to 443.

However, the concentrator only checks the destination port field when
the protocol value is set to TCP or UDP. Consequently, any protocol
can access any port on the vulnerable concentrator with this rule in
place.

There are several vulnerabilities that result in a DoS condition on
vulnerable machines, as well as a flaw that discloses too much
information in the application-level banners. For example, the SSH
banner gives out data on the machine in addition to the version number
of SSH running on the device.

The advisory, which contains detailed information on affected hardware
and upgrading to fixed software versions, is available here.

Cisco, of San Jose, Calif., recommends that customers upgrade to
Version 3.5.5 of the code for the 3000 series concentrators.




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Windows flaw could be used to forge digital signatures in Outlook"
Previous message: InfoSec News: "[ISN] Beware PayPal's‘"Virtual" Loophole"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 04 2002 - 02:07:02 PDT