Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-3906

Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected.

Published

2006-07-27T22:04:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios	*	Yes
Hardware	cisco	vpn_3001_concentrator	*	Yes
Hardware	cisco	vpn_3015_concentrator	*	Yes
Hardware	cisco	vpn_3020_concentrator	*	Yes
Hardware	cisco	vpn_3030_concentator	*	Yes
Hardware	cisco	vpn_3060_concentrator	*	Yes
Hardware	cisco	vpn_3080_concentrator	*	Yes
Operating System	cisco	adaptive_security_appliance_software	7.0	Yes
Operating System	cisco	adaptive_security_appliance_software	7.0\(4\)	Yes
Operating System	cisco	adaptive_security_appliance_software	7.0\(5\)	Yes
Operating System	cisco	adaptive_security_appliance_software	7.0.1.4	Yes
Operating System	cisco	adaptive_security_appliance_software	7.0.4.3	Yes
Operating System	cisco	adaptive_security_appliance_software	7.1\(2\)	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	2.0	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	2.5.2.a	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	2.5.2.b	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	2.5.2.c	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	2.5.2.d	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	2.5.2.f	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.0	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.0.3.a	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.0.3.b	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.0.4	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.1	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.1\(rel\)	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.1.1	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.1.2	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.1.4	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.5\(rel\)	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.5.1	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.5.2	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.5.3	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.5.4	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.5.5	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.6	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.6.1	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.6.3	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.6.5	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.6.7	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.6.7.a	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.6.7.b	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.6.7.c	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.6.7.d	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.6.7.f	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	3.6.7d	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	4.0	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	4.0.1	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	4.0.2	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	4.0.5.b	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	4.1	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	4.1.5.b	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	4.1.7.a	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	4.1.7.b	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	4.1.7.l	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	4.7	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	4.7\(rel\)	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	4.7.1	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	4.7.1.f	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	4.7.2	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	4.7.2.a	Yes
Operating System	cisco	vpn_3000_concentrator_series_software	4.7.2.f	Yes
Operating System	cisco	vpn_3005_concentrator_software	4.0.1	Yes
Operating System	cisco	vpn_3030_concentator	4.7\(rel\)	Yes
Operating System	cisco	vpn_3030_concentator	4.7.1	Yes
Operating System	cisco	vpn_3030_concentator	4.7.1.f	Yes
Operating System	cisco	vpn_3030_concentator	4.7.2	Yes
Operating System	cisco	vpn_3030_concentator	4.7.2.a	Yes
Operating System	cisco	vpn_3030_concentator	4.7.2.f	Yes
Application	cisco	pix_asa_ids	*	Yes
Application	cisco	pix_firewall	6.2.2_.111	Yes
Application	cisco	pix_firewall	6.2.3_\(110\)	Yes
Application	cisco	pix_firewall	6.3.3_\(133\)	Yes
Application	cisco	pix_firewall	6.3.5_\(112\)	Yes
Hardware	cisco	pix_firewall_501	*	Yes
Hardware	cisco	pix_firewall_506	*	Yes
Hardware	cisco	pix_firewall_515	*	Yes
Hardware	cisco	pix_firewall_515e	*	Yes
Hardware	cisco	pix_firewall_520	*	Yes
Hardware	cisco	pix_firewall_525	*	Yes
Hardware	cisco	pix_firewall_535	*	Yes
Hardware	cisco	secure_pix_firewall	*	Yes
Operating System	cisco	pix_firewall_software	2.7	Yes
Operating System	cisco	pix_firewall_software	3.0	Yes
Operating System	cisco	pix_firewall_software	3.1	Yes
Operating System	cisco	pix_firewall_software	4.0	Yes
Operating System	cisco	pix_firewall_software	4.1\(6\)	Yes
Operating System	cisco	pix_firewall_software	4.1\(6b\)	Yes
Operating System	cisco	pix_firewall_software	4.2	Yes
Operating System	cisco	pix_firewall_software	4.2\(1\)	Yes
Operating System	cisco	pix_firewall_software	4.2\(2\)	Yes
Operating System	cisco	pix_firewall_software	4.2\(5\)	Yes
Operating System	cisco	pix_firewall_software	4.3	Yes
Operating System	cisco	pix_firewall_software	4.4	Yes
Operating System	cisco	pix_firewall_software	4.4\(4\)	Yes
Operating System	cisco	pix_firewall_software	4.4\(7.202\)	Yes
Operating System	cisco	pix_firewall_software	4.4\(8\)	Yes
Operating System	cisco	pix_firewall_software	5.0	Yes
Operating System	cisco	pix_firewall_software	5.1	Yes
Operating System	cisco	pix_firewall_software	5.1\(4\)	Yes
Operating System	cisco	pix_firewall_software	5.1\(4.206\)	Yes
Operating System	cisco	pix_firewall_software	5.2	Yes
Operating System	cisco	pix_firewall_software	5.2\(1\)	Yes
Operating System	cisco	pix_firewall_software	5.2\(2\)	Yes
Operating System	cisco	pix_firewall_software	5.2\(3.210\)	Yes
Operating System	cisco	pix_firewall_software	5.2\(5\)	Yes
Operating System	cisco	pix_firewall_software	5.2\(6\)	Yes
Operating System	cisco	pix_firewall_software	5.2\(7\)	Yes
Operating System	cisco	pix_firewall_software	5.2\(9\)	Yes
Operating System	cisco	pix_firewall_software	5.3	Yes
Operating System	cisco	pix_firewall_software	5.3\(1\)	Yes
Operating System	cisco	pix_firewall_software	5.3\(1.200\)	Yes
Operating System	cisco	pix_firewall_software	5.3\(2\)	Yes
Operating System	cisco	pix_firewall_software	5.3\(3\)	Yes
Operating System	cisco	pix_firewall_software	6.0	Yes
Operating System	cisco	pix_firewall_software	6.0\(1\)	Yes
Operating System	cisco	pix_firewall_software	6.0\(2\)	Yes
Operating System	cisco	pix_firewall_software	6.0\(3\)	Yes
Operating System	cisco	pix_firewall_software	6.0\(4\)	Yes
Operating System	cisco	pix_firewall_software	6.0\(4.101\)	Yes
Operating System	cisco	pix_firewall_software	6.1	Yes
Operating System	cisco	pix_firewall_software	6.1\(1\)	Yes
Operating System	cisco	pix_firewall_software	6.1\(2\)	Yes
Operating System	cisco	pix_firewall_software	6.1\(3\)	Yes
Operating System	cisco	pix_firewall_software	6.1\(4\)	Yes
Operating System	cisco	pix_firewall_software	6.1\(5\)	Yes
Operating System	cisco	pix_firewall_software	6.1.5\(104\)	Yes
Operating System	cisco	pix_firewall_software	6.2	Yes
Operating System	cisco	pix_firewall_software	6.2\(1\)	Yes
Operating System	cisco	pix_firewall_software	6.2\(2\)	Yes
Operating System	cisco	pix_firewall_software	6.2\(3\)	Yes
Operating System	cisco	pix_firewall_software	6.2\(3.100\)	Yes
Operating System	cisco	pix_firewall_software	6.3	Yes
Operating System	cisco	pix_firewall_software	6.3\(1\)	Yes
Operating System	cisco	pix_firewall_software	6.3\(2\)	Yes
Operating System	cisco	pix_firewall_software	6.3\(3\)	Yes
Operating System	cisco	pix_firewall_software	6.3\(3.102\)	Yes
Operating System	cisco	pix_firewall_software	6.3\(3.109\)	Yes
Operating System	cisco	pix_firewall_software	6.3\(5\)	Yes

References

http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html ([email protected])
http://securityreason.com/securityalert/1293 ([email protected])
http://securitytracker.com/id?1016582 ([email protected])
http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html ([email protected])
http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html ([email protected])
http://www.osvdb.org/29068 ([email protected])
http://www.securityfocus.com/archive/1/441203/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/19176 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/27972 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5299 ([email protected])
http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/1293 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1016582 (af854a3a-2127-422b-91ae-364da2661108)
http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29068 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/441203/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/19176 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27972 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5299 (af854a3a-2127-422b-91ae-364da2661108)