Cisco Systems has warned customers of three vulnerabilities in its Cisco VPN 3000 Series concentrators and VPN 3002 Hardware Client that could allow attackers to see private data or carry out a denial-of-service (DoS) attack.
There were workarounds to mitigate the effects of these vulnerabilities, and users could protect against them by upgrading to the latest version of code for the devices, according to Cisco.
The Cisco 3005, 3015, 3030, 3060 and 3080 virtual private network (VPN) Concentrators and the Cisco VPN 3002 Hardware Client all may be affected by the vulnerabilities.
In one of the vulnerabilities, documented by Cisco as CSCea77143, an interloper could access systems on a private network from a workstation on the public network without any form of authentication. This could happen if IPSec (Internet Protocol Security) over Transmission Control Protocol (TCP) was enabled on a port on the VPN concentrator.
A user could access internal hosts via that port.
Another vulnerability, called CSCdz15393, can be exploited to carry out a DoS attack on the VPN concentrator. A malformed SSH (Secure Shell) initialisation packet sent during the initial SSH setup could cause the concentrator to restart.
In the third vulnerability, CSCdt84906, a flood of malformed ICMP (Internet Control Message Protocol) packets could cause a performance degradation on the concentrator or cause it to restart.
The advisory is available on the Web at http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml