Cisco VPN 3000 Concentrator PPTP No Encryption Option Remote DoS (CSCdx39981)

medium Nessus Plugin ID 11295

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The remote VPN concentrator is subject to a VPN client authentication vulnerability that can force a reload of the concentrator when a very large string for the username prompt is sent.

This vulnerability is documented as Cisco bug ID CSCdx39981.

Solution

http://www.nessus.org/u?d2dd6759

Plugin Details

Severity: Medium

ID: 11295

File Name: CSCdx39981.nasl

Version: 1.20

Type: local

Family: CISCO

Published: 3/1/2003

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: SNMP/sysDesc, SNMP/community, CISCO/model

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/3/2002

Reference Information

CVE: CVE-2002-1095

BID: 5625

Detections

Analytics