CVE-2001-0427

Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml	Patch Vendor Advisory
http://www.osvdb.org/5643
https://exchange.xforce.ibmcloud.com/vulnerabilities/6298

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:cisco:vpn_3000_concentrator::::::::
	cpe:2.3:h:cisco:vpn_3005_concentrator::::::::
	cpe:2.3:h:cisco:vpn_3015_concentrator::::::::
	cpe:2.3:h:cisco:vpn_3030_concentator::::::::
	cpe:2.3:h:cisco:vpn_3060_concentrator::::::::
	cpe:2.3:h:cisco:vpn_3080_concentrator::::::::

History

No history.

Information

Published : 2001-06-18 04:00

Updated : 2017-10-10 01:29

NVD link : CVE-2001-0427

Mitre link : CVE-2001-0427

CVE.ORG link : CVE-2001-0427

JSON object : View

Products Affected

cisco

vpn_3060_concentrator
vpn_3015_concentrator
vpn_3000_concentrator
vpn_3005_concentrator
vpn_3030_concentator
vpn_3080_concentrator

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2001-0427", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2001-06-18T04:00:00.000", "references": [{"url": "http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/5643", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6298", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts."}], "lastModified": "2017-10-10T01:29:43.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vpn_3000_concentrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24BE2649-D823-486B-8F6C-4B8128EC2795"}, {"criteria": "cpe:2.3:h:cisco:vpn_3005_concentrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E098419B-1B9E-4191-9C72-65CE43E38F3B"}, {"criteria": "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A512328-2FD0-4B1D-9327-A13A0BCE9C0D"}, {"criteria": "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6548F964-B8EE-4B39-87CF-99743D41C42C"}, {"criteria": "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E08810E6-33B6-45FF-91C7-EED10DC023EA"}, {"criteria": "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BD1A1AC-980F-428E-8BAF-0FC821014868"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}