Next Page >>
Virtual Private Network
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory:
Local Privilege Escalation Vulnerabilities in Cisco VPN Client
Advisory ID: cisco-sa-20070815-vpnclient
http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Remote Access VPN and SIP Vulnerabilities in
Cisco PIX and Cisco ASA
Advisory ID: cisco-sa-20080903-asa
Revision 1.0
Details
=======
The Cisco AnyConnect Secure Mobility Client is the Cisco
next-generation VPN client, which provides remote users with secure
IPsec (IKEv2) or SSL Virtual Private Network (VPN) connections to
Cisco 5500 Series Adaptive Security Appliances (ASA) and devices that
are running Cisco IOS Software.
The Cisco AnyConnect Secure Mobility Client is affected by the
following vulnerabilities:
Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive
Security Appliances and Cisco PIX Security Appliances. This security
advisory outlines the details of these vulnerabilities:
* VPN Authentication Bypass when Account Override Feature is Used
vulnerability
* Crafted HTTP packet denial of service (DoS) vulnerability
* Crafted TCP Packet DoS vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco IOS SSL VPN Vulnerability
Advisory ID: cisco-sa-20100922-sslvpn
http://www.cisco.com/warp/public/707/cisco-sa-20100922-sslvpn.shtml
Revision 1.0
* TCP Connection Exhaustion Denial of Service Vulnerability
* Session Initiation Protocol (SIP) Inspection Denial of Service
Vulnerabilities
* Skinny Client Control Protocol (SCCP) Inspection Denial of
Service Vulnerability
* WebVPN Datagram Transport Layer Security (DTLS) Denial of Service
Vulnerability
* Crafted TCP Segment Denial of Service Vulnerability
* Crafted Internet Key Exchange (IKE) Message Denial of Service
Vulnerability
* NT LAN Manager version 1 (NTLMv1) Authentication Bypass
Summary
=======
Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and
configured for Multiprotocol Label Switching (MPLS) Virtual Private
Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and
using Border Gateway Protocol (BGP) between Customer Edge (CE) and
Provider Edge (PE) devices may permit information to propagate
between VPNs.
Workarounds are available to help mitigate this vulnerability.
Vendor description:
-------------------
The SonicWALL Global VPN Client offers an easy-to-use, easy-to-manage
Virtual Private Network (VPN) solution that provides users at
distributed locations with secure, reliable remote access via broadband,
wireless and dial-up connections.
[source: http://www.sonicwall.com/downloads/Global_VPN_DS_US.pdf]
Hi there,
###############################################
TheGreenBow IPSec VPN Client Login Credentials Information Disclosure Vulnerability
Informations
Risk: Low
Typology: Local
Date: 30/03/2008
(3)10 on the 8.0.x release are affected. Cisco ASA or Cisco PIX
security appliances running software version 7.0.x, or 8.1.x are not
vulnerable.
Cisco ASA and Cisco PIX devices running versions 7.1.x and 7.2.x with
WebVPN, SSL VPN, or ASDM enabled are affected by this vulnerability.
Devices running software versions on the 8.0 release that are
configured for Telnet, Secure Shell (SSH), WebVPN, SSL VPN, or ASDM
enabled are affected by this vulnerability.
Note: Devices running IPv4 and IPv6 are affected by this
Trustwave's SpiderLabs Security Advisory TWSL2009-002:
Cisco ASA Web VPN Multiple Vulnerabilities
Published: 2009-06-24 Version: 1.0
Vendor: Cisco Systems, Inc. (http://www.cisco.com)
Versions affected: 8.0(4), 8.1.2, and 8.2.1
Description: Cisco's Adaptive Security Appliance (ASA)
Windows NT Domain Authentication Bypass Vulnerability
+----------------------------------------------------
Because of a Microsoft Windows NT Domain authentication issue the Cisco
ASA and Cisco PIX devices may be susceptible to a VPN authentication
bypass vulnerability. Cisco ASA or Cisco PIX security appliances that
are configured for IPSec or SSL-based remote access VPN using Microsoft
Windows NT Domain authentication may be vulnerable. Devices that are
using any other type of external authentication (that is, LDAP, RADIUS,
TACACS+, SDI, or local database) are not affected by this vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Multicast Virtual Private Network
(MVPN) Data Leak
Advisory ID: cisco-sa-20080326-mvpn
http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml
successful attack may result in a sustained DoS condition. Versions
7.2.x, 8.0.x, 8.1.x, 8.2.x, and 8.3.x are affected by one or more of
these vulnerabilities. A Cisco ASA device configured for any of the
following features is affected:
* Secure Socket Layer Virtual Private Network (SSL VPN)
* When the affected device is configured to accept Cisco Adaptive
Security Device Manager (ASDM) connections
* TLS Proxy for Encrypted Voice Inspection
* Cut-Through Proxy for Network Access when using HTTPS
Cyberoam SSL VPN Client - Plain-text Storage of Username and Password
Vulnerability Summary:
Product: Cyberoam SSL VPN Client v1.0
Vendor: eLiteCore
Website: http://www.cyberoam.com/
Platform: Windows
Vulnerability Classification: Insecure Storage of User Credentials
Issue Fixed in Version: Cyberoam SSL VPN 9.6.0.78
Issue Discovered By: Wasim Halani (washal)
Summary
=======
A series of TCP packets may cause a denial of service (DoS) condition
on Cisco IOS devices that are configured as Easy VPN servers with the
Cisco Tunneling Control Protocol (cTCP) encapsulation feature. Cisco
has released free software updates that address this vulnerability.
No workarounds are available; however, the IPSec NAT traversal
(NAT-T) feature can be used as an alternative.
- Severity: 4/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
-------------------------
Cisco ASA <= 8.x VPN SSL module Clientless URL-list control bypass
II. BACKGROUND
-------------------------
Cisco VPN SSL [1] is a module for Cisco ASA and Cisco Integrated
Services Routers to extend network resources to virtually any remote
engines and to determine if a VAM is present and used in the device,
use the "show crypto engine brief" command, as shown in the following
example:
Router#show crypto engine brief
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: slot 4
VPN Module in slot: 4
Product Name: VAM2+
Router#show running-config | include ip http
no ip http server
ip http secure-server
Router#
* SSL Virtual Private Network (SSL VPN) also known as AnyConnect
VPN
The following example shows a device that has the SSL VPN feature
enabled:
Router#show running-config | include webvpn
Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that
run branches of Cisco IOS based on 12.2 can be vulnerable to a denial
of service vulnerability that can prevent any traffic from entering
an affected interface. For a device to be vulnerable, it must be
configured for Open Shortest Path First (OSPF) Sham-Link and Multi
Protocol Label Switching (MPLS) Virtual Private Networking (VPN).
This vulnerability only affects Cisco Catalyst 6500 Series or
Catalyst 7600 Series devices with the Supervisor Engine 32 (Sup32),
Supervisor Engine 720 (Sup720) or Route Switch Processor 720 (RSP720)
modules. The Supervisor 32, Supervisor 720, Supervisor 720-3B,
Supervisor 720-3BXL, Route Switch Processor 720, Route Switch
SEC Consult Security Advisory < 20071204-0 >
=====================================================================================
title: SonicWALL Global VPN Client Format String
Vulnerability
program: SonicWALL Global VPN Client
vulnerable version: < 4.0.0.830
homepage: www.sonicwall.com
found: 06-12-2007
by: lofi42*
perm. link: http://www.sec-consult.com/305.html
=======
Summary
=======
Name: Cisco VPN Client Privilege Escalation
Release Date: 28 June 2011
Reference: NGS00051
Discoverer: Gavin Jones <gavin.jones@ngssecure.com>
Vendor: Cisco
Vendor Reference:
Systems Affected: Cisco VPN client (Windows 64 Bit)
+------------------
Devices running affected versions of Cisco IOS Software are
susceptible if configured with any of the following features:
* Secure Socket Layer (SSL) Virtual Private Network (VPN)
* Secure Shell (SSH)
* Internet Key Exchange (IKE) Encrypted Nonces
Note: Other SSL/HTTPS related features than WebVPN and SSL VPN are
not affected by this vulnerability.
=======
Summary
=======
Name: Cisco IPSec VPN Implementation Group Name Enumeration
Release Date: 22 March 2011
Reference: NGS00014
Discoverer: Gavin Jones
Vendor: Cisco
Vendor Reference: CSCei51783, CSCtj96108
Systems Affected: ASA 5500 Series Adaptive Security Appliances -Cisco PIX 500 Series Security Appliances -Cisco VPN 3000 Series Concentrators (models 3005, 3015, 3020, 3030, 3060, and 3080)
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 01, 2011
I. BACKGROUND
Cisco's AnyConnect VPN solution provides remote access to customers via
the Web browser. This is accomplished through the use of an ActiveX
control. The control itself is provided by the server upon connecting.
Cisco states that AnyConnect VPN supports all Adaptive Security
Appliance (ASA) models. For more information, visit the following URL.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02507909
Version: 2
HPSBGN02577 SSRT100224 rev.2 - 3Com OfficeConnect Gigabit VPN Firewall (3CREVF100-73), Remote Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-09-15
Last Updated: 2010-09-15
Juniper VPN client rdesktop clickhack
================================
discovered by niekt0@hysteria.sk
PRODUCT: Juniper VPN client + Windows remote desktop (or console access)
VERSION AFFECTED: Win Vista/7 + Juniper VPN client (all versions)
EXPOSURE: Remote code execution (SYSTEM privileges)
Product description:
The Comcast DOCSIS 3.0 Business Gateway provides end-user termination of
cable internet services for Comcast Business Class customers with enhanced
services including Network Address Translation (NAT), firewalling, and
Virtual Private Network (VPN) termination.
Credit: Zack Fasel and Matthew Jakubowski of Trustwave's SpiderLabs
Finding 1: Static Credentials
CVE: CVE-2011-0885
http://www.digihax.com
Bulletin Release 02.06.08
Checkpoint SecuRemote/Secure Client NGX Auto Local Logon Vulnerability
(Or, How to Be Bill Gates, if Bill Gates uses a CheckPoint VPN Client)
Discovery Date:
December 13, 2007
Vendor Release Date:
=======
Summary
=======
Name: Permissively-ACLed cvpnd.exe allows interactive users to run
arbitrary binaries with Local System Privileges
Release Date: 16 August 2007
Reference: NGS00503
Discover: Dominic Beecher <dominic@ngssoftware.com>
Vendor: Cisco
Vendor Reference: cisco-sa-20070815-vpnclient
Next Page>>
|
