CVE-2006-4313

Cisco VPN 3000 series - Multiple Vulns

Title source: llm

Description

Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors.

Exploits (1)

metasploit WORKING POC

by aushack · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/networking/cisco_vpn_3000_ftp_bypass.rb

View Code ZIP pw:eip

References (8)

[Patch] http://www.cisco.com/warp/public/707/cisco-sa-20060823-vpn3k.shtml

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/28539

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/19680

[Third Party Advisory, VDB Entry] http://www.osvdb.org/28138

[Third Party Advisory, VDB Entry] http://www.osvdb.org/28139

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1016737

[Third Party Advisory] http://secunia.com/advisories/21617

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/3368

Scores

EPSS 0.6766

EPSS Percentile 98.6%

Details

Status published

Products (11)

cisco/vpn_3000_concentrator_series_software 4.0

cisco/vpn_3000_concentrator_series_software 4.0.1

cisco/vpn_3000_concentrator_series_software 4.0.5.b

cisco/vpn_3000_concentrator_series_software 4.1.5.b

cisco/vpn_3000_concentrator_series_software 4.1.7.a

cisco/vpn_3000_concentrator_series_software 4.1.7.b

cisco/vpn_3000_concentrator_series_software 4.1.7.l

cisco/vpn_3000_concentrator_series_software 4.7

cisco/vpn_3000_concentrator_series_software 4.7.1

cisco/vpn_3000_concentrator_series_software 4.7.1.f

... and 1 more

Published Aug 23, 2006

Tracked Since Feb 18, 2026