Cisco has warned customers of three vulnerabilities in its Cisco VPN 3000 Series concentrators and VPN 3002 Hardware Client that could allow attackers to see private data or carry out a denial-of-service attack.
There are workarounds to mitigate the effects of these vulnerabilities, and users can protect against them by upgrading to the latest version of code for the devices, according to an advisory from Cisco. The Cisco 3005, 3015, 3030, 3060 and 3080 VPN Concentrators and the Cisco VPN 3002 Hardware Client all may be affected by the vulnerabilities. In one of the vulnerabilities, documented by Cisco as CSCea77143, an interloper could access systems on a private network from a workstation on the public network without any form of authentication. This could happen if IPSec over TCP is enabled on a port on the VPN concentrator. A user could access internal hosts via that port.
Another vulnerability, called CSCdz15393, can be exploited to carry out a DOS attack on the VPN concentrator. A malformed SSH (Secure Shell) initialization packet sent during the initial SSH setup could cause the concentrator to restart.
In the third vulnerability, CSCdt84906, a flood of malformed ICMP (Internet Control Message Protocol) packets could cause a performance degradation on the concentrator or cause it to restart.
The advisory is available here.