Cisco Vpn 3005 Concentrator Software vulnerabilities
5 known vulnerabilities affecting cisco/vpn_3005_concentrator_software.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2006-3906MEDIUMCVSS 5.0v4.0.12006-07-27
CVE-2006-3906 [MEDIUM] CVE-2006-3906: Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators,
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protoc
nvd
CVE-2005-4499HIGHCVSS 7.5v4.0.12005-12-22
CVE-2005-4499 [HIGH] CVE-2005-4499: The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL o
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS s
nvd
CVE-2005-2025MEDIUMCVSS 5.0v4.0.12005-06-20
CVE-2005-2025 [MEDIUM] CVE-2005-2025: Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by
Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.
nvd
CVE-2005-0943MEDIUMCVSS 5.0v4.0.12005-03-30
CVE-2005-0943 [MEDIUM] CVE-2005-0943: Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to c
Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet.
nvd
CVE-2003-0258HIGHCVSS 7.5v4.0.12003-05-27
CVE-2003-0258 [HIGH] CVE-2003-0258: Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when e
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.
nvd