Vulnerabilities > Cisco > VPN 3000 Concentrator Series Software > 3.6

DATE CVE VULNERABILITY TITLE RISK
2006-06-19 CVE-2006-3073 Cross-Site Scripting vulnerability in Cisco VPN3K/ASA WebVPN Clientless Mode
Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA).
network
high complexity
cisco
2.6
2005-03-30 CVE-2005-0943 Remote Denial of Service vulnerability in Cisco VPN 3000 Concentrator
Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet.
network
low complexity
cisco
5.0
2003-05-27 CVE-2003-0260 Denial-Of-Service vulnerability in VPN 3000 Concentrator
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets.
network
low complexity
cisco
5.0
2003-05-27 CVE-2003-0259 Denial-Of-Service vulnerability in VPN 3000 Concentrator
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet.
network
low complexity
cisco
5.0
2003-05-27 CVE-2003-0258 Remote Security vulnerability in VPN 3000 Concentrator
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.
network
low complexity
cisco
7.5
2002-10-04 CVE-2002-1092 Authentication External Access vulnerability in Cisco Internal Group
Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication.
network
low complexity
cisco
7.5