Cisco VPN 3000 Concentrator Malformed IP Packet Vulnerability

The VPN 3000 Concentrator is a virtual private networking device distributed by Cisco Systems. It is designed to facilitate communications between two remote sites, providing the security of cryptographically protected transit and the convenience of seamless operation.

A problem with the VPN 3000 firmware could allow a denial of service to legitimate users of the device. Upon receipt of a custom-crafted IP packet with specific options, the device becomes unstable. CPU utilization reaches 100 percent and the system crashes, requiring a power cycle before the device resumes normal operation. No details are available on the nature of the IP packet, or specifically on which options are set within it.

Therefore, it is possible for a remote user to send a custom-crafted IP packet with specific options to a VPN 3000 Concentrator and deny service to legitimate users of network resources.


 

Copyright 2010, SecurityFocus