Vulnerability Name:

CVE-2006-4313 (CCN-28539)

Assigned: 2006-08-23
Published: 2006-08-23
Updated: 2018-10-30
Summary: Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors.
CVSS v3 Severity: 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.3 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2006-4313

Source: CCN
Type: SA21617
Cisco VPN 3000 Concentrator FTP Management Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
21617

Source: CCN
Type: SECTRACK ID: 1016737
Cisco VPN 3000 Concentrator Lets Remote Users Access Certain FTP Commands

Source: SECTRACK
Type: UNKNOWN
1016737

Source: CCN
Type: cisco-sa-20060823-vpn3k
Cisco Security Advisory: Cisco VPN 3000 Concentrator FTP Management Vulnerabilities

Source: CISCO
Type: Patch
20060823 Cisco VPN 3000 Concentrator FTP Management Vulnerabilities

Source: OSVDB
Type: UNKNOWN
28138

Source: OSVDB
Type: UNKNOWN
28139

Source: CCN
Type: OSVDB ID: 28138
Cisco VPN 3000 Concentrator FTP Management Unauthorized Command Execution (CSCse10733)

Source: CCN
Type: OSVDB ID: 28139
Cisco VPN 3000 Concentrator FTP Management Unauthorized Command Execution (CSCse10753)

Source: BID
Type: UNKNOWN
19680

Source: CCN
Type: BID-19680
Cisco VPN 3000 Concentrator FTP Arbitrary File Access Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-3368

Source: XF
Type: UNKNOWN
cisco-vpn-ftp-command-execution(28539)

Source: XF
Type: UNKNOWN
cisco-vpn-ftp-command-execute(28539)

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [08-23-2006]
Cisco VPN Concentrator 3000 FTP Unauthorized Administrative Access

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:cisco:vpn_3000_concentrator_series_software:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.0.5.b:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.1.5.b:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.1.7.a:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.1.7.b:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.1.7.l:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.7:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.7.1:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.7.1.f:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.7.2.f:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:cisco:vpn_3000_concentrator_series_software:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.0.5.b:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.1.5.b:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.1.7.a:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.1.7.b:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.1.7.l:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.7:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.7.1:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.7.1.f:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:vpn_3000_concentrator_series_software:4.7.2.f:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    cisco vpn 3000 concentrator series software 4.0
    cisco vpn 3000 concentrator series software 4.0.1
    cisco vpn 3000 concentrator series software 4.0.5.b
    cisco vpn 3000 concentrator series software 4.1.5.b
    cisco vpn 3000 concentrator series software 4.1.7.a
    cisco vpn 3000 concentrator series software 4.1.7.b
    cisco vpn 3000 concentrator series software 4.1.7.l
    cisco vpn 3000 concentrator series software 4.7
    cisco vpn 3000 concentrator series software 4.7.1
    cisco vpn 3000 concentrator series software 4.7.1.f
    cisco vpn 3000 concentrator series software 4.7.2.f