ID CVE-2006-3906
Summary Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected.
References
Vulnerable Configurations
  • Cisco IOS
    cpe:2.3:o:cisco:ios
  • Cisco Adaptive Security Appliance (ASA) Software 7.0
    cpe:2.3:a:cisco:adaptive_security_appliance_software:7.0
  • Cisco Adaptive Security Appliance (ASA) Software 7.0(4)
    cpe:2.3:a:cisco:adaptive_security_appliance_software:7.0%284%29
  • Cisco Adaptive Security Appliance (ASA) Software 7.0(5)
    cpe:2.3:a:cisco:adaptive_security_appliance_software:7.0%285%29
  • Cisco Adaptive Security Appliance (ASA) Software 7.0.1.4
    cpe:2.3:a:cisco:adaptive_security_appliance_software:7.0.1.4
  • Cisco Adaptive Security Appliance (ASA) Software 7.0.4.3
    cpe:2.3:a:cisco:adaptive_security_appliance_software:7.0.4.3
  • Cisco Adaptive Security Appliance (ASA) Software 7.1(2)
    cpe:2.3:a:cisco:adaptive_security_appliance_software:7.1%282%29
  • Cisco VPN 3001 Concentrator
    cpe:2.3:h:cisco:vpn_3001_concentrator
  • Cisco VPN 3015 Concentrator
    cpe:2.3:h:cisco:vpn_3015_concentrator
  • Cisco VPN 3020 Concentrator
    cpe:2.3:h:cisco:vpn_3020_concentrator
  • Cisco VPN 3030 Concentrator
    cpe:2.3:h:cisco:vpn_3030_concentator
  • Cisco VPN 3060 Concentrator
    cpe:2.3:h:cisco:vpn_3060_concentrator
  • Cisco VPN 3080 Concentrator
    cpe:2.3:h:cisco:vpn_3080_concentrator
  • Cisco VPN 3000 Concentrator Series Software 2.0
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.0
  • Cisco VPN 3000 Concentrator Series Software 2.5.2.a
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.a
  • Cisco VPN 3000 Concentrator Series Software 2.5.2.b
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.b
  • Cisco VPN 3000 Concentrator Series Software 2.5.2.c
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.c
  • Cisco VPN 3000 Concentrator Series Software 2.5.2.d
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.d
  • Cisco VPN 3000 Concentrator Series Software 2.5.2.f
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.f
  • Cisco VPN 3000 Concentrator Series Software 3.0
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0
  • Cisco VPN 3000 Concentrator Series Software 3.0.3.a
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.a
  • Cisco VPN 3000 Concentrator Series Software 3.0.3.b
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.b
  • Cisco VPN 3000 Concentrator Series Software 3.0.4
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.4
  • Cisco VPN 3000 Concentrator Series Software 3.1
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1
  • Cisco VPN 3000 Concentrator Series Software 3.1 (Rel)
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1%28rel%29
  • Cisco VPN 3000 Concentrator Series Software 3.1.1
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.1
  • Cisco VPN 3000 Concentrator Series Software 3.1.2
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.2
  • Cisco VPN 3000 Concentrator Series Software 3.1.4
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.4
  • Cisco VPN 3000 Concentrator Series Software 3.5 (Rel)
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5%28rel%29
  • Cisco VPN 3000 Concentrator Series Software 3.5.1
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1
  • Cisco VPN 3000 Concentrator Series Software 3.5.2
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2
  • Cisco VPN 3000 Concentrator Series Software 3.5.3
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3
  • Cisco VPN 3000 Concentrator Series Software 3.5.4
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4
  • Cisco VPN 3000 Concentrator Series Software 3.5.5
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5
  • Cisco VPN 3000 Concentrator Series Software 3.6
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6
  • Cisco VPN 3000 Concentrator Series Software 3.6.1
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1
  • Cisco VPN 3000 Concentrator Series Software 3.6.3
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3
  • Cisco VPN 3000 Concentrator Series Software 3.6.5
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5
  • Cisco VPN 3000 Concentrator Series Software 3.6.7
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7
  • Cisco VPN 3000 Concentrator Series Software 3.6.7.a
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.a
  • Cisco VPN 3000 Concentrator Series Software 3.6.7.b
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.b
  • Cisco VPN 3000 Concentrator Series Software 3.6.7.c
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.c
  • Cisco VPN 3000 Concentrator Series Software 3.6.7.d
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.d
  • Cisco VPN 3000 Concentrator Series Software 3.6.7.f
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.f
  • Cisco VPN 3000 Concentrator Series Software 3.6.7d
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d
  • Cisco VPN 3000 Concentrator Series Software 4.0
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0
  • Cisco VPN 3000 Concentrator Series Software 4.0.1
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.1
  • Cisco VPN 3000 Concentrator Series Software 4.0.2
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.2
  • Cisco VPN 3000 Concentrator Series Software 4.0.5.b
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.5.b
  • Cisco VPN 3000 Concentrator Series Software 4.1
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1
  • Cisco VPN 3000 Concentrator Series Software 4.1.5.b
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.5.b
  • Cisco VPN 3000 Concentrator Series Software 4.1.7.a
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.a
  • Cisco VPN 3000 Concentrator Series Software 4.1.7.b
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.b
  • Cisco VPN 3000 Concentrator Series Software 4.1.7.l
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.l
  • Cisco VPN 3000 Concentrator Series Software 4.7
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7
  • Cisco VPN 3000 Concentrator Series Software 4.7 (Rel)
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7%28rel%29
  • Cisco VPN 3000 Concentrator Series Software 4.7.1
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1
  • Cisco VPN 3000 Concentrator Series Software 4.7.1.f
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1.f
  • Cisco VPN 3000 Concentrator Series Software 4.7.2
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.2
  • Cisco VPN 3000 Concentrator Series Software 4.7.2.a
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.2.a
  • Cisco VPN 3000 Concentrator Series Software 4.7.2.f
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.2.f
  • Cisco VPN 3005 Concentrator Software 4.0.1
    cpe:2.3:o:cisco:vpn_3005_concentrator_software:4.0.1
  • Cisco VPN 3030 Concentrator 4.7 REL
    cpe:2.3:o:cisco:vpn_3030_concentator:4.7%28rel%29
  • Cisco VPN 3030 Concentrator 4.7.1
    cpe:2.3:o:cisco:vpn_3030_concentator:4.7.1
  • Cisco VPN 3030 Concentrator 4.7.1 F
    cpe:2.3:o:cisco:vpn_3030_concentator:4.7.1.f
  • Cisco VPN 3030 Concentrator 4.7.2
    cpe:2.3:o:cisco:vpn_3030_concentator:4.7.2
  • Cisco VPN 3030 Concentrator 4.7.2 A
    cpe:2.3:o:cisco:vpn_3030_concentator:4.7.2.a
  • Cisco VPN 3030 Concentrator 4.7.2 F
    cpe:2.3:o:cisco:vpn_3030_concentator:4.7.2.f
  • Cisco PIX_ASA IDS
    cpe:2.3:a:cisco:pix_asa_ids
  • cpe:2.3:a:cisco:pix_firewall:6.2.2_.111
    cpe:2.3:a:cisco:pix_firewall:6.2.2_.111
  • cpe:2.3:a:cisco:pix_firewall:6.2.3_%28110%29
    cpe:2.3:a:cisco:pix_firewall:6.2.3_%28110%29
  • cpe:2.3:a:cisco:pix_firewall:6.3.3_%28133%29
    cpe:2.3:a:cisco:pix_firewall:6.3.3_%28133%29
  • cpe:2.3:a:cisco:pix_firewall:6.3.5_%28112%29
    cpe:2.3:a:cisco:pix_firewall:6.3.5_%28112%29
  • Cisco PIX Firewall 501
    cpe:2.3:h:cisco:pix_firewall_501
  • Cisco PIX Firewall 506
    cpe:2.3:h:cisco:pix_firewall_506
  • Cisco PIX Firewall 515
    cpe:2.3:h:cisco:pix_firewall_515
  • Cisco PIX 515E Firewall Security Appliance
    cpe:2.3:h:cisco:pix_firewall_515e
  • Cisco PIX Firewall 520
    cpe:2.3:h:cisco:pix_firewall_520
  • Cisco PIX Firewall 525
    cpe:2.3:h:cisco:pix_firewall_525
  • Cisco PIX Firewall 535
    cpe:2.3:h:cisco:pix_firewall_535
  • Cisco Secure PIX Firewall
    cpe:2.3:h:cisco:secure_pix_firewall
  • Cisco PIX Firewall 6.1.5 (104)
    cpe:2.3:o:cisco:pix_firewall:6.1.5%28104%29
  • Cisco PIX Firewall Software 2.7
    cpe:2.3:o:cisco:pix_firewall_software:2.7
  • Cisco PIX Firewall Software 3.0
    cpe:2.3:o:cisco:pix_firewall_software:3.0
  • Cisco PIX Firewall Software 3.1
    cpe:2.3:o:cisco:pix_firewall_software:3.1
  • Cisco PIX Firewall Software 4.0
    cpe:2.3:o:cisco:pix_firewall_software:4.0
  • Cisco PIX Firewall Software 4.1(6)
    cpe:2.3:o:cisco:pix_firewall_software:4.1%286%29
  • Cisco PIX Firewall Software 4.1.6 b
    cpe:2.3:o:cisco:pix_firewall_software:4.1%286b%29
  • Cisco PIX Firewall Software 4.2
    cpe:2.3:o:cisco:pix_firewall_software:4.2
  • Cisco PIX Firewall Software 4.2.1
    cpe:2.3:o:cisco:pix_firewall_software:4.2%281%29
  • Cisco PIX Firewall Software 4.2.2
    cpe:2.3:o:cisco:pix_firewall_software:4.2%282%29
  • Cisco PIX Firewall Software 4.2(5)
    cpe:2.3:o:cisco:pix_firewall_software:4.2%285%29
  • Cisco PIX Firewall Software 4.3
    cpe:2.3:o:cisco:pix_firewall_software:4.3
  • Cisco PIX Firewall Software 4.4
    cpe:2.3:o:cisco:pix_firewall_software:4.4
  • Cisco PIX Firewall Software 4.4(4)
    cpe:2.3:o:cisco:pix_firewall_software:4.4%284%29
  • Cisco PIX Firewall Software 4.4(7.202)
    cpe:2.3:o:cisco:pix_firewall_software:4.4%287.202%29
  • Cisco PIX Firewall Software 4.4(8)
    cpe:2.3:o:cisco:pix_firewall_software:4.4%288%29
  • Cisco PIX Firewall Software 5.0
    cpe:2.3:o:cisco:pix_firewall_software:5.0
  • Cisco PIX Firewall Software 5.1
    cpe:2.3:o:cisco:pix_firewall_software:5.1
  • Cisco PIX Firewall Software 5.1(4)
    cpe:2.3:o:cisco:pix_firewall_software:5.1%284%29
  • Cisco PIX Firewall Software 5.1 (4.206)
    cpe:2.3:o:cisco:pix_firewall_software:5.1%284.206%29
  • Cisco PIX Firewall Software 5.2
    cpe:2.3:o:cisco:pix_firewall_software:5.2
  • Cisco PIX Firewall Software 5.2(1)
    cpe:2.3:o:cisco:pix_firewall_software:5.2%281%29
  • Cisco PIX Firewall Software 5.2 (2)
    cpe:2.3:o:cisco:pix_firewall_software:5.2%282%29
  • Cisco PIX Firewall Software 5.2 (3.210)
    cpe:2.3:o:cisco:pix_firewall_software:5.2%283.210%29
  • Cisco PIX Firewall Software 5.2 (5)
    cpe:2.3:o:cisco:pix_firewall_software:5.2%285%29
  • Cisco PIX Firewall Software 5.2 (6)
    cpe:2.3:o:cisco:pix_firewall_software:5.2%286%29
  • Cisco PIX Firewall Software 5.2(7)
    cpe:2.3:o:cisco:pix_firewall_software:5.2%287%29
  • Cisco PIX Firewall Software 5.2 (9)
    cpe:2.3:o:cisco:pix_firewall_software:5.2%289%29
  • Cisco PIX Firewall Software 5.3
    cpe:2.3:o:cisco:pix_firewall_software:5.3
  • Cisco PIX Firewall Software 5.3(1)
    cpe:2.3:o:cisco:pix_firewall_software:5.3%281%29
  • Cisco PIX Firewall Software 5.3(1.200)
    cpe:2.3:o:cisco:pix_firewall_software:5.3%281.200%29
  • Cisco PIX Firewall Software 5.3(2)
    cpe:2.3:o:cisco:pix_firewall_software:5.3%282%29
  • Cisco PIX Firewall Software 5.3(3)
    cpe:2.3:o:cisco:pix_firewall_software:5.3%283%29
  • Cisco PIX Firewall Software 6.0
    cpe:2.3:o:cisco:pix_firewall_software:6.0
  • Cisco PIX Firewall Software 6.0(1)
    cpe:2.3:o:cisco:pix_firewall_software:6.0%281%29
  • Cisco PIX Firewall Software 6.0(2)
    cpe:2.3:o:cisco:pix_firewall_software:6.0%282%29
  • Cisco PIX Firewall Software 6.0(3)
    cpe:2.3:o:cisco:pix_firewall_software:6.0%283%29
  • Cisco PIX Firewall Software 6.0(4)
    cpe:2.3:o:cisco:pix_firewall_software:6.0%284%29
  • Cisco PIX Firewall Software 6.0(4.101)
    cpe:2.3:o:cisco:pix_firewall_software:6.0%284.101%29
  • Cisco PIX Firewall Software 6.1
    cpe:2.3:o:cisco:pix_firewall_software:6.1
  • Cisco PIX Firewall Software 6.1(1)
    cpe:2.3:o:cisco:pix_firewall_software:6.1%281%29
  • Cisco PIX Firewall Software 6.1(2)
    cpe:2.3:o:cisco:pix_firewall_software:6.1%282%29
  • Cisco PIX Firewall Software 6.1(3)
    cpe:2.3:o:cisco:pix_firewall_software:6.1%283%29
  • Cisco PIX Firewall Software 6.1(4)
    cpe:2.3:o:cisco:pix_firewall_software:6.1%284%29
  • Cisco PIX Firewall Software 6.1(5)
    cpe:2.3:o:cisco:pix_firewall_software:6.1%285%29
  • Cisco PIX Firewall Software 6.2
    cpe:2.3:o:cisco:pix_firewall_software:6.2
  • Cisco PIX Firewall Software 6.2(1)
    cpe:2.3:o:cisco:pix_firewall_software:6.2%281%29
  • Cisco PIX Firewall Software 6.2(2)
    cpe:2.3:o:cisco:pix_firewall_software:6.2%282%29
  • Cisco PIX Firewall Software 6.2(3)
    cpe:2.3:o:cisco:pix_firewall_software:6.2%283%29
  • Cisco PIX Firewall Software 6.2 (3.100)
    cpe:2.3:o:cisco:pix_firewall_software:6.2%283.100%29
  • Cisco PIX Firewall Software 6.3
    cpe:2.3:o:cisco:pix_firewall_software:6.3
  • Cisco PIX Firewall Software 6.3(1)
    cpe:2.3:o:cisco:pix_firewall_software:6.3%281%29
  • Cisco PIX Firewall Software 6.3(2)
    cpe:2.3:o:cisco:pix_firewall_software:6.3%282%29
  • Cisco PIX Firewall Software 6.3(3)
    cpe:2.3:o:cisco:pix_firewall_software:6.3%283%29
  • Cisco PIX Firewall Software 6.3(3.102)
    cpe:2.3:o:cisco:pix_firewall_software:6.3%283.102%29
  • Cisco PIX Firewall Software 6.3(3.109)
    cpe:2.3:o:cisco:pix_firewall_software:6.3%283.109%29
  • Cisco PIX Firewall Software 6.3(5)
    cpe:2.3:o:cisco:pix_firewall_software:6.3%285%29
CVSS
Base: 5.0 (as of 31-07-2006 - 13:54)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
oval via4
accepted 2008-09-08T04:00:21.662-04:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected.
family ios
id oval:org.mitre.oval:def:5299
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco Multiple Products IKE Packet DoS
version 3
refmap via4
bid 19176
bugtraq
  • 20060726 Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
  • 20060728 Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
cisco 20060726 Internet Key Exchange Resource Exhaustion Attack
misc http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html
osvdb 29068
sectrack 1016582
sreason 1293
xf cisco-ike-resource-exhaustion-dos(27972)
Last major update 04-03-2009 - 00:58
Published 27-07-2006 - 18:04
Last modified 30-10-2018 - 12:26