2.6

CVE-2006-3073

Exploit

EPSS 0.98%
Published 19.06.2006 10:02:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by the original researcher.

Affected products Warnungen 0 Metrics 2 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Asa 5500 Version7.0

Cisco ≫ Asa 5500 Version7.0.4.3

Cisco ≫ Vpn 3000 Concentrator Series Software Version2.0

Cisco ≫ Vpn 3000 Concentrator Series Software Version2.5.2.a

Cisco ≫ Vpn 3000 Concentrator Series Software Version2.5.2.b

Cisco ≫ Vpn 3000 Concentrator Series Software Version2.5.2.c

Cisco ≫ Vpn 3000 Concentrator Series Software Version2.5.2.d

Cisco ≫ Vpn 3000 Concentrator Series Software Version2.5.2.f

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.0

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.0.3.a

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.0.3.b

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.0.4

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.1

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.1.1

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.1.2

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.1.4

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.5.1

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.5.2

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.5.3

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.5.4

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.5.5

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.1

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.7

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.7d

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.0

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.0.1

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.0.5.b

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.1

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.1.5.b

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.1.7.a

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.1.7.b

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.7

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.7.1

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.7.1.f

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.98%	0.759

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:N/I:P/A:N

http://secunia.com/advisories/20644

Vendor Advisory

http://securitytracker.com/id?1016252

Exploit

http://www.cisco.com/warp/public/707/cisco-sr-20060613-webvpn-xss.shtml

http://www.osvdb.org/26453

http://www.osvdb.org/26454

http://www.securityfocus.com/archive/1/436479/30/0/threaded

http://www.securityfocus.com/bid/18419

http://www.vupen.com/english/advisories/2006/2331

https://exchange.xforce.ibmcloud.com/vulnerabilities/27086

https://nvd.nist.gov/vuln/detail/CVE-2006-3073

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-3073

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-3073

EUVD