CVE-2006-4313

4 documents4 sources

Severity

5.0MEDIUM

EPSS

67.7%

top 1.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco VPN 3000 Concentrator Series Software

Timeline

PublishedAug 23

Latest updateMay 1

Description

Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/vpn_3000_concentrator_series_software11 versions+10

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-ghgm-j4vc-66gp: Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4↗2022-05-01

▶

CVEList

CVE-2006-4313: Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4↗2006-08-23

▶

📋Vendor Advisories

Cisco

Cisco VPN 3000 Concentrator FTP Management Vulnerabilities↗2006-08-23

▶