CVE-2006-4313
First published: Wed Aug 23 2006(Updated: )
Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco VPN 3000 concentrator series software | =4.0 | |
| Cisco VPN 3000 concentrator series software | =4.0.1 | |
| Cisco VPN 3000 concentrator series software | =4.0.5.b | |
| Cisco VPN 3000 concentrator series software | =4.1.5.b | |
| Cisco VPN 3000 concentrator series software | =4.1.7.a | |
| Cisco VPN 3000 concentrator series software | =4.1.7.b | |
| Cisco VPN 3000 concentrator series software | =4.1.7.l | |
| Cisco VPN 3000 concentrator series software | =4.7 | |
| Cisco VPN 3000 concentrator series software | =4.7.1 | |
| Cisco VPN 3000 concentrator series software | =4.7.1.f | |
| Cisco VPN 3000 concentrator series software | =4.7.2.f |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cisco.com/warp/public/707/cisco-sa-20060823-vpn3k.shtml
- http://www.securityfocus.com/bid/19680
- http://securitytracker.com/id?1016737
- http://secunia.com/advisories/21617
- http://www.osvdb.org/28138
- http://www.osvdb.org/28139
- http://www.vupen.com/english/advisories/2006/3368
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28539
Frequently Asked Questions
What is the severity of CVE-2006-4313?
CVE-2006-4313 is classified with a high severity due to its potential to allow unauthorized file modifications and directory management.
How do I fix CVE-2006-4313?
To address CVE-2006-4313, upgrade the Cisco VPN 3000 series concentrators to versions beyond 4.1(7)L or 4.7(2)F.
Which devices are affected by CVE-2006-4313?
CVE-2006-4313 affects various models of the Cisco VPN 3000 series concentrators running specific versions before the patched releases.
What commands can attackers execute due to CVE-2006-4313?
Attackers can execute the FTP commands CWD, MKD, CDUP, RNFR, SIZE, and RMD to manipulate files and directories.
What are the possible impacts of CVE-2006-4313?
The impacts of CVE-2006-4313 include unauthorized access to file systems, leading to potential data corruption and loss.
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/cisco
- canonical/cisco vpn 3000 concentrator series software
- version/cisco vpn 3000 concentrator series software/4.0
- version/cisco vpn 3000 concentrator series software/4.0.1
- version/cisco vpn 3000 concentrator series software/4.0.5.b
- version/cisco vpn 3000 concentrator series software/4.1.5.b
- version/cisco vpn 3000 concentrator series software/4.1.7.a
- version/cisco vpn 3000 concentrator series software/4.1.7.b
- version/cisco vpn 3000 concentrator series software/4.1.7.l
- version/cisco vpn 3000 concentrator series software/4.7
- version/cisco vpn 3000 concentrator series software/4.7.1
- version/cisco vpn 3000 concentrator series software/4.7.1.f
- version/cisco vpn 3000 concentrator series software/4.7.2.f