Vulnerability in Cisco's 3000-series VPN concentrators running WebVPN

Published 16 February 2006

A security researcher found that the vulnerability in Cisco’s 3000-series VPN concentrators running WebVPN extends to all versions of the product. Eldon Sprickerhoff, who spoke at January’s Shmoocon security gathering, said the vulnerability may be obscure, but it is easy to take advantage of: A relatively small stream directed to TCP/80 may cause a concentrator running the WebVPN service to drop all its connections. Cisco has acknowledged the problem and confirmed that an advisory update will be forthcoming. Note that Cisco has attempted to patch the vulnerability in the past, most recently in its version 4.7.2B release, but the fact that the hole still exists means that it may well be present in subsequent releases 4.7.2C and 4.7.2D. It is not clear whether the problematic code has been reused in the WebVPN service module in Cisco’s current Self-Defending Network security strategy.

- Read more in this Apani report