ID CVE-2006-4313
Summary Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors.
References
Vulnerable Configurations
  • Cisco VPN 3000 Concentrator Series Software 4.0
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0
  • Cisco VPN 3000 Concentrator Series Software 4.0.1
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.1
  • Cisco VPN 3000 Concentrator Series Software 4.0.5.b
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.5.b
  • Cisco VPN 3000 Concentrator Series Software 4.1.5.b
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.5.b
  • Cisco VPN 3000 Concentrator Series Software 4.1.7.a
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.a
  • Cisco VPN 3000 Concentrator Series Software 4.1.7.b
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.b
  • Cisco VPN 3000 Concentrator Series Software 4.1.7.l
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.l
  • Cisco VPN 3000 Concentrator Series Software 4.7
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7
  • Cisco VPN 3000 Concentrator Series Software 4.7.1
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1
  • Cisco VPN 3000 Concentrator Series Software 4.7.1.f
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1.f
  • Cisco VPN 3000 Concentrator Series Software 4.7.2.f
    cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.2.f
CVSS
Base: 5.0 (as of 24-08-2006 - 12:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
metasploit via4
description This module tests for a logic vulnerability in the Cisco VPN Concentrator 3000 series. It is possible to execute some FTP statements without authentication (CWD, RNFR, MKD, RMD, SIZE, CDUP). It also appears to have some memory leak bugs when working with CWD commands. This module simply creates an arbitrary directory, verifies that the directory has been created, then deletes it and verifies deletion to confirm the bug.
id MSF:AUXILIARY/ADMIN/CISCO/VPN_3000_FTP_BYPASS
last seen 2019-03-24
modified 2017-11-08
published 2009-07-06
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/cisco/vpn_3000_ftp_bypass.rb
title Cisco VPN Concentrator 3000 FTP Unauthorized Administrative Access
refmap via4
bid 19680
cisco 20060823 Cisco VPN 3000 Concentrator FTP Management Vulnerabilities
osvdb
  • 28138
  • 28139
sectrack 1016737
secunia 21617
vupen ADV-2006-3368
xf cisco-vpn-ftp-command-execute(28539)
Last major update 07-03-2011 - 21:40
Published 23-08-2006 - 18:04
Last modified 30-10-2018 - 12:26
Back to Top