Cisco VPN Concentrator SSH Banner可导致设备信息泄露发布时间:2002-09-10 更新时间:2002-09-10 严重程度:中 威胁程度:服务器信息泄露 错误类型:设计错误 利用方式:服务器模式 BUGTRAQ ID:5621 受影响系统 Cisco VPN 3000 Concentrator 2.0详细描述 Cisco VPN 3000 series concentrators是一系列通过VPN进行安全通信的产品。 在部分环境下,可能导致远程用户访问敏感信息,SSH BANNER信息会泄露涉及会话先观的信息,通过收集这些信息,可以对网络进一步攻击。 测试代码 无 解决方案 联系供应商固件升级: Cisco VPN 3002 Hardware Client : Cisco VPN 3000 Concentrator 2.0: Cisco VPN 3000 Concentrator 2.5.2 (F): Cisco VPN 3000 Concentrator 2.5.2 (D): Cisco VPN 3000 Concentrator 2.5.2 (C): Cisco VPN 3000 Concentrator 2.5.2 (B): Cisco VPN 3000 Concentrator 2.5.2 (A): Cisco VPN 3000 Concentrator 3.0 (Rel): Cisco VPN 3000 Concentrator 3.0: Cisco VPN 3000 Concentrator 3.0.3 (B): Cisco VPN 3000 Concentrator 3.0.3 (A): Cisco VPN 3000 Concentrator 3.0.4: Cisco VPN 3000 Concentrator 3.1 (Rel): Cisco VPN 3000 Concentrator 3.1: Cisco VPN 3000 Concentrator 3.1.1: Cisco VPN 3000 Concentrator 3.1.2: Cisco VPN 3000 Concentrator 3.1.4: Cisco VPN 3000 Concentrator 3.5 (Rel): Cisco Upgrade VPN 3000 Concentrator 3.5.4 http://www.cisco.com/tac Cisco VPN 3000 Concentrator 3.5.1: Cisco Upgrade VPN 3000 Concentrator 3.5.4 http://www.cisco.com/tac Cisco VPN 3000 Concentrator 3.5.2: Cisco Upgrade VPN 3000 Concentrator 3.5.4 http://www.cisco.com/tac Cisco VPN 3000 Concentrator 3.5.3: Cisco Upgrade VPN 3000 Concentrator 3.5.4 http://www.cisco.com/tac 相关信息 Cisco Security Advisory. 参考:http://online.securityfocus.com/advisories/4446 |
