Details of VAR-200210-0271

ID

VAR-200210-0271

CVE

CVE-2002-1100

TITLE

Cisco VPN 3000 Series Concentrator Publish User Certificate Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200210-087

DESCRIPTION

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to cause a denial of service (crash) via a long (1) username or (2) password to the HTML login interface. To exploit this condition, the attacker must submit overly long values for the username/password strings using the POST method. The attacker might, for example, submit a modified version of the form for the login page to trigger this condition. Successful exploitation will cause the device to reload. Cisco VPN 3000 Concentrator 2.2.x, and 3.x versions prior to 3.5.3 have vulnerabilities

Trust: 1.26

sources: NVD: CVE-2002-1100 // BID: 5617 // VULHUB: VHN-5488

AFFECTED PRODUCTS

vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30002.5.2	Trust: 1.5
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.0	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.a	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0.3.b	Trust: 1.0
vendor:	cisco	model:	vpn 3002 hardware client	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.b	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0.4	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0\(rel\)	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0.3.a	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.c	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.d	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.1	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.1.4	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.5\(rel\)	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.f	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.1\(rel\)	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.5.2	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.5.1	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.0.3	Trust: 0.6
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.1	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.1.1	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.1.2	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.1\(rel\)	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.1.4	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.5\(rel\)	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.5.1	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.5.2	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.0.3.b	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.0.4	Trust: 0.6
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.0.4	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1.4	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.5.5	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.0	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.5.2	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.5.3	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.6	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.5	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.5.4	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1.1	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1.2	Trust: 0.3
vendor:	cisco	model:	vpn hardware client	scope:	eq	version:	3002	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30002.0	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.6.1	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.5.1	Trust: 0.3

sources: BID: 5617 // CNNVD: CNNVD-200210-087 // NVD: CVE-2002-1100

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1100
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200210-087
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5488
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1100
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5488
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5488 // CNNVD: CNNVD-200210-087 // NVD: CVE-2002-1100

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1100

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200210-087

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200210-087

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-5488

EXTERNAL IDS

db:	BID	id:	5617	Trust: 2.0
db:	NVD	id:	CVE-2002-1100	Trust: 2.0
db:	CNNVD	id:	CNNVD-200210-087	Trust: 0.7
db:	CISCO	id:	20020903 CISCO VPN 3000 CONCENTRATOR MULTIPLE VULNERABILITIES	Trust: 0.6
db:	XF	id:	10025	Trust: 0.6
db:	VULHUB	id:	VHN-5488	Trust: 0.1

sources: VULHUB: VHN-5488 // BID: 5617 // CNNVD: CNNVD-200210-087 // NVD: CVE-2002-1100

REFERENCES

url:	http://www.securityfocus.com/bid/5617	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml	Trust: 1.7
url:	http://www.iss.net/security_center/static/10025.php	Trust: 1.7

sources: VULHUB: VHN-5488 // CNNVD: CNNVD-200210-087 // NVD: CVE-2002-1100

CREDITS

Vulnerability announced in a Cisco Security Advisory.

Trust: 0.9

sources: BID: 5617 // CNNVD: CNNVD-200210-087

SOURCES

db:	VULHUB	id:	VHN-5488
db:	BID	id:	5617
db:	CNNVD	id:	CNNVD-200210-087
db:	NVD	id:	CVE-2002-1100

LAST UPDATE DATE

2024-08-14T14:16:15.863000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5488	date:	2018-10-30T00:00:00
db:	BID	id:	5617	date:	2009-07-11T15:56:00
db:	CNNVD	id:	CNNVD-200210-087	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-1100	date:	2018-10-30T16:26:19.107

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5488	date:	2002-10-04T00:00:00
db:	BID	id:	5617	date:	2002-09-03T00:00:00
db:	CNNVD	id:	CNNVD-200210-087	date:	2002-10-04T00:00:00
db:	NVD	id:	CVE-2002-1100	date:	2002-10-04T04:00:00