PT-2006-3287 · Cisco · Cisco Application Velocity System (Avs) 3120+1

Published

2006-05-12

Updated

2017-07-20

CVE-2006-2322

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Cisco Application Velocity System (AVS) 3110 versions 4.0 and earlier, 5.0 Cisco Application Velocity System (AVS) 3120 versions 5.0.0 and earlier

Description The transparent proxy feature of the Cisco Application Velocity System has a default configuration that allows remote attackers to proxy arbitrary TCP connections.

Recommendations For Cisco Application Velocity System (AVS) 3110 versions 4.0 and earlier, 5.0, consider reconfiguring the transparent proxy feature to restrict arbitrary TCP connections. For Cisco Application Velocity System (AVS) 3120 versions 5.0.0 and earlier, consider reconfiguring the transparent proxy feature to restrict arbitrary TCP connections. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2322

Affected Products

Cisco Application Velocity System (Avs) 3110

Cisco Application Velocity System (Avs) 3120

PT-2006-3287 · Cisco · Cisco Application Velocity System (Avs) 3120+1

CVE-2006-2322

Related Identifiers

Affected Products

References · 8