Vulnerability CVE-2006-4194


Published: 2006-08-16   Modified: 2012-02-12

Description:
** DISPUTED ** Unspecified vulnerability in Cisco PIX 500 Series Security Appliances allows remote attackers to send arbitrary UDP packets to intranet devices via unspecified vectors involving Session Initiation Protocol (SIP) fixup commands, a different issue than CVE-2006-4032. NOTE: the vendor, after working with the researcher, has been unable to reproduce the issue.

Type: CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software
Cisco -> Pix firewall 
Cisco -> Pix firewall 501 
Cisco -> Pix firewall 506 
Cisco -> Pix firewall 515 
Cisco -> Pix firewall 515e 
Cisco -> Pix firewall 520 
Cisco -> Pix firewall 525 
Cisco -> Pix firewall 535 
Cisco -> Pix firewall software 

 References:
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1207450,00.html
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/tsd_products_security_response09186a008070d33b.html
http://www.idoel.smilejogja.com/2006/08/14/blinded-by-the-glare-of-facial-piercings-at-black-hat-or-the-one-that-got-away/
http://www.networkworld.com/news/2006/080406-black-hat-unpatched-flaw-revealed.html?t5
http://www.securityfocus.com/bid/19536

Copyright 2024, cxsecurity.com

 
