Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   


Try our Premium Alert Service
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Become a Partner and License Our Database or Notification Service

Category:   Device (Router/Bridge/Hub)  >   Cisco VPN 3000 Concentrator Vendors:   Cisco
Cisco VPN 3000 Concentrator Bug in HTTP Service Lets Remote Users Deny Service
SecurityTracker Alert ID:  1015546
SecurityTracker URL:
CVE Reference:   CVE-2006-0483   (Links to External Site)
Updated:  Apr 26 2006
Original Entry Date:  Jan 26 2006
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.7.0 through 4.7.2.B
Description:   A vulnerability was reported in Cisco VPN 3000 Concentrator. A remote user can cause denial of service conditions.

A remote user can send a small series of specially crafted HTTP packet to the target concentrator to cause the target device to halt and drop user connections. A remote user can also generate connections to the HTTP port to cause excessive memory and other resource consumption. As a result, concentrator may stall and drop user connections.

In both cases, the power must be reset to return the system to normal operations.

The system is only vulnerable if the HTTP service is enabled (the default configuration).

Only HTTP packets sent to the target device can exploit this flaw. HTTP traffic that traverses the device cannot exploit this flaw.

Models 3005, 3015, 3020, 3030, 3060, and 3080 are affected.

Cisco has assigned Bug ID CSCsb77324 and CSCsd26340 to this vulnerability.

This vulnerability was discovered by Eldon Sprickerhoff of eSentire and disclosed at the ShmooCon security conference on January 12, 2006.

Impact:   A remote user can cause the target device to halt. User connections will be dropped. A power reset is required to return the system to normal operations.
Solution:   The vendor has issued a new version (4.7.2.F and later), available at:

The vendor's advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Exception handling error

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

Copyright 2018, LLC