Test ID:	1.3.6.1.4.1.25623.1.0.14718
Category:	CISCO
Title:	Cisco VPN 3000 Series Concentrator Information Disclosure Vulnerability (CSCdu35577) - Active Check
Summary:	Cisco VPN 3000 series concentrators are prone to an information; disclosure vulnerability.
Description:	Summary: Cisco VPN 3000 series concentrators are prone to an information disclosure vulnerability. Vulnerability Insight: The Cisco VPN 3000 series concentrators give out too much information in application layer banners. The SSH banner gives out information about the device apart from the SSH version numbers. The FTP banner gives information about the device and the local time. An incorrect HTTP page request gives out information about the device, the name of the person who compiled the software and the time of compilation. This vulnerability is documented as Cisco bug ID CSCdu35577. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1094 BugTraq ID: 5621 http://www.securityfocus.com/bid/5621 BugTraq ID: 5623 http://www.securityfocus.com/bid/5623 BugTraq ID: 5624 http://www.securityfocus.com/bid/5624 Cisco Security Advisory: 20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml http://www.iss.net/security_center/static/10020.php
Copyright	Copyright (C) 2004 Michael J. Richardson

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.