Cisco VPN Concentrator 3000 prior 3.5.4 extended enumeration 2.0
 
Plugin ID: 229
Plugin name: Cisco VPN Concentrator 3000 prior 3.5.4 extended enumeration
Plugin filename: Cisco VPN Concentrator 3000 prior 3.5.4 extended enumeration.plugin
Plugin filesize: 3776 bytes
Plugin family: Network devices
Plugin created name: Marc Ruef
Plugin created email: marc dot ruef at computec dot ch
Plugin created web: http://www.computec.ch
Plugin created company: computec.ch
Plugin created date: 2004/09/15
Plugin updated name: Marc Ruef
Plugin updated email: marc dot ruef at computec dot ch
Plugin updated web: http://www.computec.ch
Plugin updated company: computec.ch
Plugin updated date: 2004/11/14
Plugin version: 2.0
Plugin changelog: Corrected the plugin structure and added the accuracy values in 1.1. Improved the pattern matching and introduced the plugin changelog in 2.0
Plugin protocol: tcp
Plugin port: 80
Plugin procedure detection: open|send GET /ATKnonexistent.htm HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# 200 *<b>Software Version:</b>*Cisco Systems, Inc./VPN 3000 Concentrator Version*
Plugin detection accuracy: 90
Plugin comment: This plugin should be very accurate, but it is not tested!
Bug published email: security at cisco dot com
Bug published web: http://www.cisco.com
Bug published company: Cisco
Bug published date: 2004/09/03
Bug advisory: http://www.securityfocus.com/advisories/4446
Bug produced name: Cisco Systems
Bug produced email: info at cisco dot com
Bug produced web: http://www.cisco.com
Bug affected: Cisco VPN Concentrator 3000 prior 3.5.4
Bug not affected: Cisco VPN Concentrator 3000 3.5.4 or newer, other Cisco products or network devices by other vendors
Bug vulnerability class: Configuration
Bug description: The target is a Cisco VPN Concentrator 3000. These devices may be vulnerable to extended enumeration. They give out too much information in application layer banners. This information could be used for further enumeration or dedicated attacks.
Bug solution: Upgrade your Cisco firmware and filter incoming traffic on port tcp/80. As a workaround (disabling the web service), you could add the rule set web disabled, write, reboot to your device. See http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml for more details.
Bug fixing time: Approx. 30 minutes
Bug exploit availability: Yes
Bug exploit url: http://www.securityfocus.com/bid/5624/exploit/
Bug remote: Yes
Bug local: No
Bug severity: Medium
Bug popularity: 6
Bug simplicity: 7
Bug impact: 6
Bug risk: 6
Bug Nessus risk: Low
Bug check tools: Nessus is also able to do the same check.
Source CVE: CAN-2002-1094
Source SecurityFocus BID: 5624
Source Nessus ID: 14718
Source Literature: Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.: http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.