Vulnerabilities > CVE-2006-4313 - Unspecified vulnerability in Cisco VPN 3000 Concentrator Series Software

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
cisco
metasploit
NVD
Published: 2006-08-23
Updated: 2018-10-30

Summary

Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors.

Vulnerable Configurations

Part Description Count
OS
Cisco
11

Metasploit

descriptionThis module tests for a logic vulnerability in the Cisco VPN Concentrator 3000 series. It is possible to execute some FTP statements without authentication (CWD, RNFR, MKD, RMD, SIZE, CDUP). It also appears to have some memory leak bugs when working with CWD commands. This module simply creates an arbitrary directory, verifies that the directory has been created, then deletes it and verifies deletion to confirm the bug.
idMSF:AUXILIARY/ADMIN/CISCO/VPN_3000_FTP_BYPASS
last seen2020-06-12
modified2017-11-08
published2009-07-06
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4313
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/admin/cisco/vpn_3000_ftp_bypass.rb
titleCisco VPN Concentrator 3000 FTP Unauthorized Administrative Access

References