OSVDB ID: 25459

Title: Cisco Application Velocity System (AVS) Transparent Proxy Arbitrary Mail Relay

Info

Disclosure

May 10, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Cisco Application Velocity System contains a flaw that may allow a malicious user to establish arbitrary TCP connection. The issue is triggered when an unspecified action occurs. It is possible that the flaw may allow malicious users to circumvent network policy. One likely reason to abuse this flaw is to connect to arbitrary mail servers.

Classification

Location: Remote / Network Access
Attack Type: Other
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 5.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Cisco Systems, Inc.	Application Velocity System 3110	4.0
		5.0
		5.0.1
	Application Velocity System 3120	5.0.0
		5.0.1

References

Bugtraq ID: 17937
CVE ID: 2006-2322 (see also: NVD)
Secunia Advisory ID: 20079
VUPEN Advisory: ADV-2006-1762
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0257.html
Vendor Specific Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20060510-avs.shtml
Keyword: spam

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/25459

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Cisco Systems, Inc.

Application Velocity System 3110

Application Velocity System 3120

References

Credit