Cisco VPN 3000 Concentrator LAN-to-LAN IPSEC Tunnel Connection Termination DoS (CSCdx54675)

This script is (C) 2003-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

The remote VPN concentrator is subject to a LAN-to-LAN
IPSEC tunnel vulnerability which allows remote attackers
to cause a denial of service. Existing associations might
be removed when a new connection is made and no check is done
in order to determine if the connection comes from the proper
network.

This vulnerability is documented as Cisco bug ID CSCdx54675

Solution :

http://www.nessus.org/u?d2dd6759

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: CISCO

Nessus Plugin ID: 11296 (CSCdx54675.nasl)

Bugtraq ID: 5622

CVE ID: CVE-2002-1102