CVE-2001-0427

Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml	Patch Vendor Advisory
http://www.osvdb.org/5643
https://exchange.xforce.ibmcloud.com/vulnerabilities/6298

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:cisco:vpn_3030_concentator::::::::
	cpe:2.3:h:cisco:vpn_3060_concentrator::::::::
	cpe:2.3:h:cisco:vpn_3005_concentrator::::::::
	cpe:2.3:h:cisco:vpn_3015_concentrator::::::::
	cpe:2.3:h:cisco:vpn_3000_concentrator::::::::
	cpe:2.3:h:cisco:vpn_3080_concentrator::::::::

Information

Published : 2001-06-17 21:00

Updated : 2017-10-09 18:29

NVD link : CVE-2001-0427

Mitre link : CVE-2001-0427

JSON object : View

CWE

CWE-20

Improper Input Validation

Advertisement

Products Affected

cisco

vpn_3005_concentrator
vpn_3080_concentrator
vpn_3060_concentrator
vpn_3000_concentrator
vpn_3030_concentator
vpn_3015_concentrator

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml", "name": "20010328 VPN3000 Concentrator TELNET Vulnerability", "tags": ["Patch", "Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.osvdb.org/5643", "name": "5643", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6298", "name": "cisco-vpn-telnet-dos(6298)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2001-0427", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2001-06-18T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:vpn_3005_concentrator:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:vpn_3000_concentrator:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-10T01:29Z"}