安全研究
安全漏洞
Cisco VPN集中器IPSec远程端口连接漏洞
发布日期:2003-05-07
更新日期:2003-05-13
受影响系统:
Cisco VPN 3000 Concentrator 4.0不受影响系统:
Cisco VPN 3000 Concentrator 3.6.7 D
Cisco VPN 3000 Concentrator 3.6.1
Cisco VPN 3000 Concentrator 3.6
Cisco VPN 3000 Concentrator 3.5.5
Cisco VPN 3000 Concentrator 3.5.4
Cisco VPN 3000 Concentrator 3.5.3
Cisco VPN 3000 Concentrator 3.5.2
Cisco VPN 3000 Concentrator 3.5.1
Cisco VPN 3000 Concentrator 3.5 (Rel)
Cisco VPN 3000 Concentrator 3.1.4
Cisco VPN 3000 Concentrator 3.1.2
Cisco VPN 3000 Concentrator 3.1.1
Cisco VPN 3000 Concentrator 3.1 (Rel)
Cisco VPN 3000 Concentrator 3.1
Cisco VPN 3002 Hardware Client
Cisco VPN 3005 Concentrator 4.0.1
Cisco VPN 3005 Concentrator 4.0
Cisco VPN 3005 Concentrator 3.6.7 D
Cisco VPN 3005 Concentrator 3.6.7 C
Cisco VPN 3005 Concentrator 3.6.7 B
Cisco VPN 3005 Concentrator 3.6.7 A
Cisco VPN 3005 Concentrator 3.6.7
Cisco VPN 3005 Concentrator 3.6.5
Cisco VPN 3005 Concentrator 3.6.3
Cisco VPN 3015 Concentrator
Cisco VPN 3030 Concentrator
Cisco VPN 3060 Concentrator
Cisco VPN 3080 Concentrator
Cisco VPN 3000 Concentrator 3.1.4描述:
Cisco VPN 3000 Concentrator 3.1.2
Cisco VPN 3000 Concentrator 3.1.1
Cisco VPN 3000 Concentrator 3.1 (Rel)
Cisco VPN 3000 Concentrator 3.1
Cisco VPN 3000 Concentrator 3.0.4
Cisco VPN 3000 Concentrator 3.0.3 (B)
Cisco VPN 3000 Concentrator 3.0.3 (A)
Cisco VPN 3000 Concentrator 3.0
Cisco VPN 3000 Concentrator 3.0
Cisco VPN 3000 Concentrator 2.5.2 (F)
Cisco VPN 3000 Concentrator 2.5.2 (D)
Cisco VPN 3000 Concentrator 2.5.2 (C)
Cisco VPN 3000 Concentrator 2.5.2 (B)
Cisco VPN 3000 Concentrator 2.5.2 (A)
Cisco VPN 3000 Concentrator 2.0
BUGTRAQ ID: 7516
CVE(CAN) ID: CVE-2003-0258
Cisco VPN系列集中器由通用的远程访问虚拟专网(VPN)平台和将高可用性、高性能和可扩展性与当今最先进的加密和认证技术结合在一起的客户机软件组成,它可以为专业运营商或企业用户提供服务。
Cisco VPN集中器没有正确处理进入使能IPSEC over TCP端口的通信,远程攻击者可以利用这个漏洞访问集中器后的对应的系统端口,访问保护的资源。
如果VPN 3000系列集中器指定某个端口使能IPSec over TCP通信的情况下,由于对进入的通信缺少正确检查,允许TCP通信通过集中器,访问私有网络。
例如,如果配置IPSec over TCP使用80端口,私有网络可从外部网络路由。在公共网络上的工作站就可以利用这个VPN集中器,无需认证访问私有网络中的服务于80端口的WEB服务系统。另外一个例子是,如果IPSec over TCP没有配置使用80端口,但配置成默认的10000端口,并且私有网络中对此端口有telnet连接监听服务,外部公共网络中的工作站就可以无需验证telnet这个服务。
此CISCO BUG ID为:CSCea77143
<*来源:Cisco Systems Product Security Incident Response Team (psirt@cisco.com)
链接:http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml
*>
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 增加对私有接口的规则,限制在VPN集中器上IPSec over TCP使用的端口的外出通信,这不能阻止从外部网络访问VPN 300集中器的通信,但是能阻止访问内容网络的通信。
厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-20030507-vpn3k)以及相应补丁:
cisco-sa-20030507-vpn3k:Cisco VPN 3000 Concentrator Vulnerabilities
链接:http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml
补丁下载:
CISCO已经提供如下补丁:
Cisco VPN 3002 Hardware Client :
Cisco Upgrade VPN 3002 Hardware Client 3.6.7F
http://www.cisco.com
Cisco Upgrade VPN 3002 Hardware Client 4.0.1
http://www.cisco.com
Cisco VPN 3015 Concentrator :
Cisco Upgrade VPN 3015 Concentrator 3.6.7F
http://www.cisco.com
Cisco Upgrade VPN 3015 Concentrator 4.0.1
http://www.cisco.com
Cisco VPN 3030 Concentrator :
Cisco Upgrade VPN 3030 Concentrator 3.6.7F
http://www.cisco.com
Cisco Upgrade VPN 3030 Concentrator 4.0.1
http://www.cisco.com
Cisco VPN 3060 Concentrator :
Cisco Upgrade VPN 3060 Concentrator 3.6.7F
http://www.cisco.com
Cisco Upgrade VPN 3060 Concentrator 4.0.1
http://www.cisco.com
Cisco VPN 3080 Concentrator :
Cisco Upgrade VPN 3080 Concentrator 3.6.7F
http://www.cisco.com
Cisco Upgrade VPN 3080 Concentrator 4.0.1
http://www.cisco.com
Cisco VPN 3000 Concentrator 3.5 (Rel):
Cisco Upgrade VPN 3000 Concentrator 3.6.7F
http://www.cisco.com
Cisco VPN 3000 Concentrator 3.5.1:
Cisco Upgrade VPN 3000 Concentrator 3.6.7F
http://www.cisco.com
Cisco VPN 3000 Concentrator 3.5.2:
Cisco Upgrade VPN 3000 Concentrator 3.6.7F
http://www.cisco.com
Cisco VPN 3000 Concentrator 3.5.3:
Cisco Upgrade VPN 3000 Concentrator 3.6.7F
http://www.cisco.com
Cisco VPN 3000 Concentrator 3.5.4:
Cisco Upgrade VPN 3000 Concentrator 3.6.7F
http://www.cisco.com
Cisco VPN 3000 Concentrator 3.5.5:
Cisco Upgrade VPN 3000 Concentrator 3.6.7F
http://www.cisco.com
Cisco VPN 3000 Concentrator 3.6:
Cisco Upgrade VPN 3000 Concentrator 3.6.7F
http://www.cisco.com
Cisco VPN 3000 Concentrator 3.6.1:
Cisco Upgrade VPN 3000 Concentrator 3.6.7F
http://www.cisco.com
Cisco VPN 3005 Concentrator 3.6.3:
Cisco Upgrade VPN 3005 Concentrator 3.6.7F
http://www.cisco.com
Cisco VPN 3005 Concentrator 3.6.5:
Cisco Upgrade VPN 3005 Concentrator 3.6.7F
http://www.cisco.com
Cisco VPN 3005 Concentrator 3.6.7 D:
Cisco Upgrade VPN 3005 Concentrator 3.6.7F
http://www.cisco.com
Cisco VPN 3000 Concentrator 3.6.7 D:
Cisco Upgrade VPN 3000 Concentrator 3.6.7F
http://www.cisco.com
Cisco VPN 3005 Concentrator 3.6.7 C:
Cisco Upgrade VPN 3005 Concentrator 3.6.7F
http://www.cisco.com
Cisco VPN 3005 Concentrator 3.6.7 B:
Cisco Upgrade VPN 3005 Concentrator 3.6.7F
http://www.cisco.com
Cisco VPN 3005 Concentrator 3.6.7 A:
Cisco Upgrade VPN 3005 Concentrator 3.6.7F
http://www.cisco.com
Cisco VPN 3005 Concentrator 3.6.7:
Cisco Upgrade VPN 3005 Concentrator 3.6.7F
http://www.cisco.com
Cisco VPN 3005 Concentrator 4.0:
Cisco Upgrade VPN 3005 Concentrator 4.0.1
http://www.cisco.com
Cisco VPN 3000 Concentrator 4.0:
Cisco Upgrade VPN 3000 Concentrator 4.0.1
http://www.cisco.com
Cisco为所有受影响客户提供免费的软件升级来修正这些漏洞,客户只能获得和安装他们所购买的功能类别相关的技术支持。通过安装,下载,访问或使用这些软件升级,客户必须同意CISCO软件许可条例中的条例:
http://www.cisco.com/public/sw-license-agreement.html
或由Cisco连接在线软件中心的声明:
http://www.cisco.com/public/sw-center/sw-usingswc.shtm.
拥有服务合同的客户必须连接他们常规升级渠道获得由此公告指定的免费升级软件。对于大多数拥有服务合同的客户,这意味着升级必须通过CISCO全球WEB站软件中心获得:
http://www.cisco.com/public/sw-center/vpn/3000/
要访问此下载URL,你必须是注册用户和必须登录后才能使用。
事先或目前与第三方支持组织,如Cisco合作伙伴、授权零售商或服务商之间已有协议,由第三方组织提供Cisco产品或技术支持的用户可免费获得升级支持。
直接从Cisco购买产品但没有Cisco服务合同的用户和由第三方厂商购买产品但无法从销售方获得已修复软件的用户可从Cisco技术支持中心(TAC)获取升级软件。TAC联系方法:
* +1 800 553 2447 (北美地区免话费)
* +1 408 526 7209 (全球收费)
* e-mail: tac@cisco.com
查看 http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml 获取额外的TAC联系信息,包括特别局部的电话号码,各种语言的指南和EMAIL地址。
浏览次数:3148
严重程度:0(网友投票)
绿盟科技给您安全的保障