Lucene search

MitreCVE-2001-0427

HistorySep 18, 2001 - 4:00 a.m.

CVE-2001-0427

2001-09-1804:00:00

CWE-20

mitre

web.nvd.nist.gov

cisco

vpn 3000 series

dos

vulnerability

invalid login

remote attackers

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

6.7

Confidence

High

EPSS

0.006

Percentile

79.4%

JSON

Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.

Affected configurations

Nvd

Node

ciscovpn_3000_concentrator

ciscovpn_3005_concentrator

ciscovpn_3015_concentrator

ciscovpn_3030_concentator

ciscovpn_3060_concentrator

ciscovpn_3080_concentrator

VendorProductVersionCPE
ciscovpn_3000_concentrator*cpe:2.3:h:cisco:vpn_3000_concentrator:*:*:*:*:*:*:*:*
ciscovpn_3005_concentrator*cpe:2.3:h:cisco:vpn_3005_concentrator:*:*:*:*:*:*:*:*
ciscovpn_3015_concentrator*cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*
ciscovpn_3030_concentator*cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*
ciscovpn_3060_concentrator*cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*
ciscovpn_3080_concentrator*cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	vpn_3000_concentrator	*	cpe:2.3:h:cisco:vpn_3000_concentrator::::::::
cisco	vpn_3005_concentrator	*	cpe:2.3:h:cisco:vpn_3005_concentrator::::::::
cisco	vpn_3015_concentrator	*	cpe:2.3:h:cisco:vpn_3015_concentrator::::::::
cisco	vpn_3030_concentator	*	cpe:2.3:h:cisco:vpn_3030_concentator::::::::
cisco	vpn_3060_concentrator	*	cpe:2.3:h:cisco:vpn_3060_concentrator::::::::
cisco	vpn_3080_concentrator	*	cpe:2.3:h:cisco:vpn_3080_concentrator::::::::

References

www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml

www.osvdb.org/5643

exchange.xforce.ibmcloud.com/vulnerabilities/6298

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

6.7

Confidence

High

EPSS

0.006

Percentile

79.4%

JSON

Related for CVE-2001-0427