A Study of Common Vulnerabilities Exposures

The security of systems and information is a priority in information technology.

Common Vulnerability Exposures (CVE)s, are cyber security weakness that expose computer-based systems to the danger of malfunction, intrusion, violation of privacy or hacking. CVEs are usually catalogued in a reference system maintained by Federal Cybersecurity Agencies and the Department of Homeland Security for public access and knowledge. With such knowledge software developers and vendors are able to seal the security risks.

Cisco VPN 3000 Series Concentrators- Vulnerability

This is a series Virtual Private Network (VPN) software developed for data authentication and encryption via remote access. The vulnerability of this system allows Virtual Private Network clients to log in using Internet Protocol Security(IPSec) or Point-to-Point Tunneling Protocol (PPTP) user authentication when the system configuration operates under group account internal authentication in the absence of any user accounts. Remotely operating attackers can access valid credentials of group-names by transmitting a packet of Internet Key Exchange Protocols-Aggressive Mode to determine if the group-name is correct. The VPN does not respond with an error report or reject the incorrect group-name.

Patching

Patching is the process of redesigning or updating software in order to fix it or improve its functionality. The vulnerabilities apparent in the Cisco VPN 3000 Series Concentrators have been patched progressively to improve protection. This vulnerability was patched in the proceeding versions of Cisco VPN 3000 series concentrators and also in the 3.6.1 or 3.5.5 versions of Cisco VPN 3002 Hardware Client.

Conclusion

The vulnerability in Cisco VPN 3000 Series Concentrators exposes users to unprecedent cyber-space danger. Their information and the privacy of their communication is not guaranteed since the system is open for intrusion. This exploit can be used by hackers to obtain critical information that can result in fraud or cyber-bulling. The documentation/cataloguing of all exposures and vulnerabilities in the Common Vulnerability Exposures (CVE) system helps inform consumers of cyber space risks and provides information to developers and vendors to improve products that offer better cyber security.

References

Kang, B. H., & Balitanas, M. O. (2009). Vulnerabilities of vpn using ipsec and defensive measures. International journal of advanced science and technology, 8(7), 9-18.

Cisco VPN 3000 Concentrator Multiple Vulnerabilities. (2002). Tools.cisco.com. Retrieved 27 March 2018, from https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20020903-vpn3k-vulnerability