Vulnerability Name:

CVE-2006-0483 (CCN-24330)

Assigned:2006-01-26
Published:2006-01-26
Updated:2018-10-30
Summary:Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet.
CVSS v3 Severity:7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: VulnWatch Mailing List, Tue Jan 31 2006 - 14:18:28 CST
Re: [VulnWatch] Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack

Source: MITRE
Type: CNA
CVE-2006-0483

Source: CCN
Type: SA18629
Cisco VPN 3000 Concentrator HTTP Packet Denial of Service

Source: SECUNIA
Type: Patch, Vendor Advisory
18629

Source: SREASON
Type: UNKNOWN
375

Source: CCN
Type: SECTRACK ID: 1015546
Cisco VPN 3000 Concentrator Bug in HTTP Service Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1015546

Source: CCN
Type: cisco-sa-20060126-vpn
Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack

Source: CISCO
Type: Patch, Vendor Advisory
20060126 Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack

Source: CCN
Type: eSentire, Inc. Security News
eSENTIRE discovers a Cisco VPN Denial of Service (DoS)

Source: OSVDB
Type: UNKNOWN
22754

Source: CCN
Type: OSVDB ID: 22754
Cisco VPN 3000 Concentrator Crafted HTTP Packet DoS

Source: BID
Type: UNKNOWN
16394

Source: CCN
Type: BID-16394
Cisco VPN 3000 Concentrator Malformed HTTP/TCP Packet Remote Denial of Service Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-0346

Source: XF
Type: UNKNOWN
cisco-vpn-http-dos(24330)

Source: XF
Type: UNKNOWN
cisco-vpn-http-dos(24330)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:cisco:vpn_3000_concentrator_series_software:4.7:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.7(rel):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.7.1:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.7.1.f:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.7.2:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.7.2.a:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3030_concentator:4.7(rel):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3030_concentator:4.7.1:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3030_concentator:4.7.1.f:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3030_concentator:4.7.2:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3030_concentator:4.7.2.a:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco vpn 3000 concentrator series software 4.7
    cisco vpn 3000 concentrator series software 4.7(rel)
    cisco vpn 3000 concentrator series software 4.7.1
    cisco vpn 3000 concentrator series software 4.7.1.f
    cisco vpn 3000 concentrator series software 4.7.2
    cisco vpn 3000 concentrator series software 4.7.2.a
    cisco vpn 3030 concentator 4.7(rel)
    cisco vpn 3030 concentator 4.7.1
    cisco vpn 3030 concentator 4.7.1.f
    cisco vpn 3030 concentator 4.7.2
    cisco vpn 3030 concentator 4.7.2.a