The Cisco advisory is located at:
Apparently version 4.7.2(C) resolves this issue.
The workaround is to disable HTTP.
This remote exploit involves sending a small stream (less than 50 packets) of tcp/80 traffic to a Cisco VPN 3000 Concentrator appliance running the WebVPN service. After this occurs, all sessions currently accessing the appliance are dropped, and no further communication is possible until the system is powered down and restarted. No authentication or credentials are required to exercise this vulnerability.
By default, the WebVPN Service permits both tcp/80 (HTTP) and tcp/443 (HTTPS) inbound; the appliance performs a redirect from the HTTP query to the HTTPS. The vulnerability exists within the code base responsible for the redirect.
From: http://www.esentire.com/news/vuln-cisco-vpn.htmlUpdate (06 Feb 2006)
At present, we recommend that all users of firmware that uses Cisco's WebVPN upgrade to the newest version (currently 4.7.2D) AND disable inbound tcp/80 access as a fix for this exploit.
I will be teaching next: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques - SANS Cyber Defence Asia Pacific 2021
Adrien de Beaupre
Feb 1st 2006
|Thread locked Subscribe||
Feb 1st 2006
1 decade ago