CVE-2006-4313

Cisco VPN 3000 Series FTP Commands - File Modification

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4313. PoCs published by aushack, including Metasploit module auxiliary/admin/networking/cisco_vpn_3000_ftp_bypass.

AI-analyzed exploit summary This Metasploit module exploits an authentication bypass vulnerability in Cisco VPN Concentrator 3000 series via FTP commands (MKD, RMD, SIZE) to create, verify, and delete directories without authentication. It confirms the vulnerability by checking server responses.

Description

Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors.

Exploits (1)

metasploit WORKING POC

by aushack · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/networking/cisco_vpn_3000_ftp_bypass.rb

View Code ZIP pw:eip

This Metasploit module exploits an authentication bypass vulnerability in Cisco VPN Concentrator 3000 series via FTP commands (MKD, RMD, SIZE) to create, verify, and delete directories without authentication. It confirms the vulnerability by checking server responses.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Cisco VPN Concentrator 3000 series

No auth needed

Prerequisites: Network access to the target's FTP service (port 21)

MITRE ATT&CK