CVE-2002-0628

The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089	Broken Link
http://www.ciac.org/ciac/bulletins/m-123.shtml	Broken Link Patch Vendor Advisory
http://www.iss.net/security_center/static/9349.php	Broken Link Vendor Advisory
http://www.polycom.com/common/pw_item_show_doc/0%2C%2C1444%2C00.pdf	Product
http://www.securityfocus.com/bid/5635	Broken Link Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44241	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:polycom:viewstation_128:6.5.1:::::::*
	cpe:2.3:h:polycom:viewstation_128:7.2:::::::*
	cpe:2.3:h:polycom:viewstation_512:6.5.1:::::::*
	cpe:2.3:h:polycom:viewstation_512:7.2:::::::*
	cpe:2.3:h:polycom:viewstation_dcp:6.5.1:::::::*
	cpe:2.3:h:polycom:viewstation_dcp:7.2:::::::*
	cpe:2.3:h:polycom:viewstation_fx_vs4000:4.1.5:::::::*
	cpe:2.3:h:polycom:viewstation_h.323:6.5.1:::::::*
	cpe:2.3:h:polycom:viewstation_h.323:7.2:::::::*
	cpe:2.3:h:polycom:viewstation_mp:6.5.1:::::::*
	cpe:2.3:h:polycom:viewstation_mp:7.2:::::::*
	cpe:2.3:h:polycom:viewstation_sp_384:6.5.1:::::::*
	cpe:2.3:h:polycom:viewstation_sp_384:7.2:::::::*
	cpe:2.3:h:polycom:viewstation_v.35:6.5.1:::::::*
	cpe:2.3:h:polycom:viewstation_v.35:7.2:::::::*

History

No history.

Information

Published : 2003-01-07 05:00

Updated : 2024-02-09 03:14

NVD link : CVE-2002-0628

Mitre link : CVE-2002-0628

CVE.ORG link : CVE-2002-0628

JSON object : View

Products Affected

polycom

viewstation_512
viewstation_dcp
viewstation_v.35
viewstation_mp
viewstation_sp_384
viewstation_h.323
viewstation_128
viewstation_fx_vs4000

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

{"id": "CVE-2002-0628", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2003-01-07T05:00:00.000", "references": [{"url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.ciac.org/ciac/bulletins/m-123.shtml", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/9349.php", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.polycom.com/common/pw_item_show_doc/0%2C%2C1444%2C00.pdf", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5635", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44241", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack."}, {"lang": "es", "value": "El servicio Telnet en Polycom ViewStation 7.2 y anteriores no restringe el n\u00famero de intentos de inicio de sesi\u00f3n fallidos, lo que facilita a atacantes remotos la obtenci\u00f3n de nombres de usuario y contrase\u00f1as mediante ataques de fuerza bruta."}], "lastModified": "2024-02-09T03:14:16.373", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:polycom:viewstation_128:6.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82DD3A4C-3C97-4846-8978-282374E403AE"}, {"criteria": "cpe:2.3:h:polycom:viewstation_128:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6174A218-F390-4FA2-BF8B-5F8EE481E8A5"}, {"criteria": "cpe:2.3:h:polycom:viewstation_512:6.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB674D32-6C43-4A35-B589-8E361A89EE51"}, {"criteria": "cpe:2.3:h:polycom:viewstation_512:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB1438E9-67A7-40D8-8139-49573D65BF33"}, {"criteria": "cpe:2.3:h:polycom:viewstation_dcp:6.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5028B3B9-FB55-436D-A4CA-07ED6FD4419A"}, {"criteria": "cpe:2.3:h:polycom:viewstation_dcp:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6FE7FB9-3311-4653-AEE2-70FD102D61E2"}, {"criteria": "cpe:2.3:h:polycom:viewstation_fx_vs4000:4.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB002B45-6E30-445F-82A0-88755E19FC43"}, {"criteria": "cpe:2.3:h:polycom:viewstation_h.323:6.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA6A392C-04D6-4C4C-9254-1BF9F3F637C5"}, {"criteria": "cpe:2.3:h:polycom:viewstation_h.323:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "875A029F-2EEE-42FD-9193-AE90414063B1"}, {"criteria": "cpe:2.3:h:polycom:viewstation_mp:6.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA8A8DA7-77AF-4A60-BAF6-DFB891ED5787"}, {"criteria": "cpe:2.3:h:polycom:viewstation_mp:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A507CE44-4513-4861-B2B2-2B4AF755C61D"}, {"criteria": "cpe:2.3:h:polycom:viewstation_sp_384:6.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97EF2076-D358-4087-BC16-37FA78101EBA"}, {"criteria": "cpe:2.3:h:polycom:viewstation_sp_384:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7FD9573-3736-4086-B0A2-49CF86526D3D"}, {"criteria": "cpe:2.3:h:polycom:viewstation_v.35:6.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A9729B7-A118-41E1-85DE-9072E00BF66A"}, {"criteria": "cpe:2.3:h:polycom:viewstation_v.35:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDFB03A6-9733-4A69-8D7E-700B718924DC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2002-0628

7.5^/10

5.0^/10

Attach tags to `CVE-2002-0628`