Reported May 7, 2003, by Cisco Systems

 

 

VERSIONS AFFECTED

 

  • Cisco VPN 3000 Series Concentrator

 

DESCRIPTION

 

Multiple vulnerabilities exist in the Cisco VPN 3000 Series Concentrator, the most serious of which can let an attacker access the internal hosts on the IPSec over TCP configured ports. The other two vulnerabilities can result in a Denial of Service (DoS) condition on the VPN Concentrator.

 

VENDOR RESPONSE

 

Cisco has released an advisory and a fix for affected customers, which can be obtained from the company’s Web site. The company recommends that customers upgrade to fixed software versions, as detailed in this documentation.

 

 

CREDIT

 

Discovered by Cisco.