CVE-2003-0259 - Denial-of-Service vulnerability in Cisco VPN 3000 Concentrator

CVSS v2 base score 5.0 (MEDIUM) - vector AV:N/AC:L/Au:N/C:N/I:N/A:P, i.e. an unauthenticated, network-reachable denial of service with no confidentiality or integrity impact. (The Nessus plugin quoted below carries a higher vector, C:P/I:P/A:P, because it bundles CVE-2003-0258 and CVE-2003-0260 with this CVE.)
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL

Summary

Cisco VPN 3000 series concentrators and the Cisco VPN 3002 Hardware Client running software 2.x.x through 3.6.7 allow unauthenticated remote attackers to cause a denial of service (device reload) by sending a malformed SSH initialization packet; the SSH management service must be reachable from the attacker's network position for this to be exploitable. Note that the Nessus check quoted below also treats 4.0 / 4.0.0 as affected (its comments cite 4.0.1 as the fixed release).

Vulnerable Configurations

| Part | Description | Count |
| --- | --- | --- |
| Hardware | Cisco | 4 |
| OS | Cisco | 31 |
| Application | Cisco | 1 |

Nessus

NASL family: CISCO
NASL id: CSCEA77143.NASL
Description: The remote Cisco VPN 3000 concentrator is affected by several vulnerabilities that could allow an attacker to use this device to break into a VPN, disable the remote device by sending a malformed SSH initialization packet, or disable the remote device by sending a flood of malformed ICMP packets. These vulnerabilities are documented with the Cisco bug IDs CSCdea77143, CSCdz15393 and CSCdt84906.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 11594
Published: 2003-05-07
Reporter: This script is (C) 2003-2018 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/11594
Title: Cisco VPN 3000 Series Multiple Vulnerabilities (CSCdea77143, CSCdz15393, CSCdt84906)
Plugin source (NASL):
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin registration: identifiers, report text, scoring metadata and the
# knowledge-base keys the detection logic below depends on. All runtime
# strings are kept verbatim from the published plugin.
if (description) {
  script_id(11594);
  script_version("1.20");
  script_cve_id("CVE-2003-0258", "CVE-2003-0259", "CVE-2003-0260");
  script_name(english:"Cisco VPN 3000 Series Multiple Vulnerabilities (CSCdea77143, CSCdz15393, CSCdt84906)");

  # Text shown in the scan report.
  script_set_attribute(attribute:"synopsis",
    value:"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description",
    value:"The remote Cisco VPN 3000 concentrator is affected by several
vulnerabilities that could allow an attacker to use this device
to break into a VPN, disable the remote device by sending
a malformed SSH initialization packet or disable the
remote device by sending a flood of malformed ICMP packets.

These vulnerabilities are documented with the CISCO
bug IDs CSCdea77143, CSCdz15393 and CSCdt84906.");
  script_set_attribute(attribute:"solution", value:"http://www.nessus.org/u?a98c23a3");

  # The vector covers all three bundled CVEs, which is why it carries
  # C:P/I:P/A:P rather than the A:P-only vector of CVE-2003-0259 on its own.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_publication_date", value:"2003/05/07");
  script_set_attribute(attribute:"vuln_publication_date", value:"2003/05/07");
  script_cvs_date("Date: 2018/08/09 17:06:35");
  # NOTE(review): plugin_type "local" and cpe:/o:cisco:ios do not obviously
  # describe a VPN 3000 concentrator probed over SNMP -- confirm against the
  # upstream plugin before relying on these attributes for filtering.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
  script_end_attributes();

  script_summary(english:"Uses SNMP to determine if a flaw is present");
  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");
  script_copyright(english:"This script is (C) 2003-2018 Tenable Network Security, Inc.");
  # The check reads SNMP/sysDesc and CISCO/model, which are populated by
  # these two dependencies; without them (or an SNMP community) it never runs.
  script_dependencie("snmp_sysDesc.nasl", "snmp_cisco_type.nasl");
  script_require_keys("SNMP/community", "SNMP/sysDesc", "CISCO/model");
  exit(0);
}

# The code starts here

# Detection logic. All evidence comes from the knowledge base: the device's
# SNMP sysDescr (SNMP/sysDesc) and the model string derived from it
# (CISCO/model). Nothing is sent to the SSH or ICMP services themselves.
#
# NOTE(review): the two gates below only accept "catalyst*" hardware whose
# sysDescr names the "Cisco Catalyst Operating System" (CatOS), yet the
# plugin is registered as a VPN 3000 Concentrator check (CSCdea77143 /
# CSCdz15393 / CSCdt84906). As written it cannot match a VPN 3000 / 3002
# sysDescr and would instead flag Catalyst switches running CatOS 3.x / 4.0.
# Verify against the upstream plugin before relying on it for concentrator
# coverage; this rewrite preserves the original behaviour unchanged.

sysdesc = get_kb_item("SNMP/sysDesc");
model   = get_kb_item("CISCO/model");
if (!sysdesc || !model) exit(0);

# Hardware gate: only Catalyst model strings continue.
if (!ereg(string:model, pattern:"^catalyst.*$")) exit(0);

# OS gate: the sysDescr must identify CatOS.
if (!egrep(pattern:".*Cisco Catalyst Operating System.*", string:sysdesc)) exit(0);

# Version windows the original author treated as unfixed. The trailing ","
# in each pattern is part of the sysDescr layout being matched:
#   3.0 / 3.1 / 3.5 (any build), 3.6.0 - 3.6.6, 3.6.7A - 3.6.7E,
#   and 4.0 / 4.0.0 (4.0.1 cited as the fixed release).
if (   egrep(string:sysdesc, pattern:"3\.[015].*,")
    || egrep(string:sysdesc, pattern:"3\.6\.[0-6][^0-9].*,")
    || egrep(string:sysdesc, pattern:"3\.6\.7[A-E].*,")
    || egrep(string:sysdesc, pattern:"4\.0(\.0)?.*,"))
{
  # Reported against the SNMP port because that is where the evidence was
  # gathered, not against the SSH/ICMP services the advisories concern.
  security_hole(port:161, proto:"udp");
}