VPN 3000 Concentrator contains a flaw that may allow a malicious user to bypass certain security restrictions. The issue is triggered due to unspecified errors when using FTP as a management protocol and can be exploited to run the 'CWD', 'MKD', 'CDUP', 'RNFR', 'SIZE', and 'RMD' commands without being authenticated. It is possible that the flaw may allow deleting configuration files and certificates resulting in a loss of integrity.

Upgrade to version 4.1(7)M, 4.7(2)G or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• CVE ID: 2006-4313 (see also: NVD)
• Secunia Advisory ID: 21617
• SCIP VulDB ID: 2485
• Related OSVDB ID: 28139
• Keyword: 71141,CSCse10733
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0447.html
• Vendor Specific Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20060823-vpn3k.shtml
• Generic Exploit URL: http://www.securiteam.com/exploits/6D00M1FH5U.html

Unknown or Incomplete