CERTVU:317348Cisco VPN 3000 Concentrator forces device to reload when processing malformed SSH initialization packet
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
81.0%
Overview
A vulnerability in some Cisco Virtual Private Network (VPN) products could allow a remote attacker to cause a denial of service.
Description
The Cisco VPN 3000 Series Concentrators and the Cisco VPN 3002 Hardware Clients are Virtual Private Network (VPN) platforms designed to provide secure remote network access. Some models of these devices contain a vulnerability by which a malformed SSH initialization packet sent during the initial SSH session setup may reload the VPN 3000 series concentrator.
Impact
A denial-of-service condition can result from unexpected rebooting of the affected device.
Solution
Cisco Systems Inc. has released software patches and workaround information for this vulnerability. Please see the vendor information section of this document for more details.
Workarounds
Restrict access to the SSH server on the VPN concentrator by applying appropriate rules to the filters for the interfaces such that connections are permitted only from trusted client hosts. Sites may additionally wish to filter SSH connections on network devices that are upstream from the affected VPN Concentrator device. Sites may wish to apply this workaround in conjunction with the application of the recommended patches. As a general rule, the CERT/CC recommends that sites block all types of network traffic that are not explicitly required for normal operation.
Vendor Information
317348
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Cisco Systems Inc. __ Affected
Updated: May 08, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Cisco Systems Inc. has released Cisco Security Advisory 20030507-vpn3k in response to this issue. Users are encouraged to review this advisory and apply the patches and workarounds it recommends.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23317348 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml>
- <http://www.iss.net/security_center/static/11955.php>
Acknowledgements
Thanks to Cisco Systems Product Security Incident Response Team for reporting this vulnerability.
This document was written by Chad R Dougherty.
Other Information
| CVE IDs: | CVE-2003-0259 |
|---|---|
| Severity Metric: | 6.75 Date Public: |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
81.0%