Vulnerability CVE-2006-4194

Vulnerability CVE-2006-4194

Published: 2006-08-16 Modified: 2012-02-12

Description:

DISPUTED Unspecified vulnerability in Cisco PIX 500 Series Security Appliances allows remote attackers to send arbitrary UDP packets to intranet devices via unspecified vectors involving Session Initiation Protocol (SIP) fixup commands, a different issue than CVE-2006-4032. NOTE: the vendor, after working with the researcher, has been unable to reproduce the issue.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5/10	2.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Cisco -> Pix firewall
Cisco -> Pix firewall 501
Cisco -> Pix firewall 506
Cisco -> Pix firewall 515
Cisco -> Pix firewall 515e
Cisco -> Pix firewall 520
Cisco -> Pix firewall 525
Cisco -> Pix firewall 535
Cisco -> Pix firewall software

References:

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1207450,00.html

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/tsd_products_security_response09186a008070d33b.html

http://www.idoel.smilejogja.com/2006/08/14/blinded-by-the-glare-of-facial-piercings-at-black-hat-or-the-one-that-got-away/

http://www.networkworld.com/news/2006/080406-black-hat-unpatched-flaw-revealed.html?t5

http://www.securityfocus.com/bid/19536

Copyright 2024, cxsecurity.com