cisco vpn concentrator 3000 prior 3.5.4 extended enumeration.plugin

来自「全面网络扫描器VB源代码 很实用」· PLUGIN 代码 · 共 52 行

<plugin_id>229</plugin_id>
<plugin_name>Cisco VPN Concentrator 3000 prior 3.5.4 extended enumeration</plugin_name>
<plugin_family>Network devices</plugin_family>
<plugin_created_date>2004/09/15</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc dot ruef at computec dot ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/11/14</plugin_updated_date>
<plugin_version>2.0</plugin_version>
<plugin_changelog>Corrected the plugin structure and added the accuracy values in 1.1. Improved the pattern matching and introduced the plugin changelog in 2.0</plugin_changelog>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>80</plugin_port>
<plugin_procedure_detection>open|send GET /ATKnonexistent.htm HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# 200 *<b>Software Version:</b>*Cisco Systems, Inc./VPN 3000 Concentrator Version*</plugin_procedure_detection>
<plugin_detection_accuracy>90</plugin_detection_accuracy>
<plugin_comment>This plugin should be very accurate. But is not tested!</plugin_comment>
<bug_published_email>security at cisco dot com</bug_published_email>
<bug_published_web>http://www.cisco.com</bug_published_web>
<bug_published_company>Cisco</bug_published_company>
<bug_published_date>2004/09/03</bug_published_date>
<bug_advisory>http://www.securityfocus.com/advisories/4446</bug_advisory>
<bug_produced_name>Cisco Systems</bug_produced_name>
<bug_produced_email>info at cisco dot com</bug_produced_email>
<bug_produced_web>http://www.cisco.com</bug_produced_web>
<bug_affected>Cisco VPN Concentrator 3000 prior 3.5.4</bug_affected>
<bug_not_affected>Cisco VPN Concentrator 3000 3.5.4 or newer, other Cisco products or network devices by other vendors</bug_not_affected>
<bug_vulnerability_class>Configuration</bug_vulnerability_class>
<bug_description>The target is a Cisco VPN Concentrator 3000. These may be vulnerable to extended enumeration. They gives out too much information in application layer banners. These could be used for further enumeration or dedicated attacks.</bug_description>
<bug_solution>Upgrade your Cisco firmware and filter incoming traffic on port tcp/80. As workaround (disabling the web service) you could add the rule set web disabled, write, reboot into your device. See http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml for more details.</bug_solution>
<bug_fixing_time>Approx. 30 minutes</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_exploit_url>http://www.securityfocus.com/bid/5624/exploit/</bug_exploit_url>
<bug_remote>Yes</bug_remote>
<bug_local>No</bug_local>
<bug_severity>Medium</bug_severity>
<bug_popularity>6</bug_popularity>
<bug_simplicity>7</bug_simplicity>
<bug_impact>6</bug_impact>
<bug_risk>6</bug_risk>
<bug_nessus_risk>Low</bug_nessus_risk>
<bug_check_tool>Nessus is also able to do the same check.</bug_check_tool>
<source_cve>CAN-2002-1094</source_cve>
<source_securityfocus_bid>5624</source_securityfocus_bid>
<source_nessus_id>14718</source_nessus_id>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml</source_misc>