ID
VAR-200210-0274
CVE
CVE-2002-1103
TITLE
Cisco VPN 3000 series concentrator does not properly handle malformed ISAKMP packets
Trust: 0.8
DESCRIPTION
Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via (1) malformed or (2) large ISAKMP packets. Cisco VPN 3000 series concentrators do not properly handle specially crafted Internet Security Association and Key Management Protocol (ISAKMP) packets, which can cause a vulnerable device to reload, denying service to legitimate users. Denial of network/VPN service may be possible. Cisco has reported a number of vulnerabilities in the VPN 3000 series concentrators. These issues affect models 3005, 3015, 3030, 3060, 3080 and the Cisco VPN 3002 Hardware Client. The nature of these issues varies from disclosure of sensitive information, to denial of service. Some of these issues may allow for remote unauthorized access to the device or the network to occur. VPN 3000 Concentrator is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions
Trust: 2.52
AFFECTED PRODUCTS
| vendor: | cisco | model: | vpn concentrator | scope: | eq | version: | 30002.5.2 | Trust: 4.5 |
| vendor: | cisco | model: | vpn concentrator | scope: | eq | version: | 30003.0.3 | Trust: 1.5 |
| vendor: | cisco | model: | vpn concentrator | scope: | eq | version: | 30003.1 | Trust: 1.2 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 2.0 | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 2.5.2.a | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 3.0.3.b | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3002 hardware client | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 2.5.2.b | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 3.0.4 | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 3.0\(rel\) | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 3.0.3.a | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 2.5.2.c | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 2.5.2.d | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 3.1 | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 3.1.2 | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 3.1.1 | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 3.1.4 | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 3.5\(rel\) | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 2.5.2.f | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 3.5.4 | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 3.1\(rel\) | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 3.5.3 | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 3.5.2 | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 3.5.1 | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 3.6\(rel\) | Trust: 1.0 |
| vendor: | cisco | model: | vpn 3000 concentrator series software | scope: | eq | version: | 3.0 | Trust: 1.0 |
| vendor: | cisco | model: | vpn concentrator | scope: | eq | version: | 30003.5.3 | Trust: 0.9 |
| vendor: | cisco | model: | vpn concentrator | scope: | eq | version: | 30003.5.4 | Trust: 0.9 |
| vendor: | cisco | model: | vpn concentrator | scope: | eq | version: | 30003.1.1 | Trust: 0.9 |
| vendor: | cisco | model: | vpn hardware client | scope: | eq | version: | 3002 | Trust: 0.9 |
| vendor: | cisco | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | vpn concentrator | scope: | eq | version: | 30003.0.4 | Trust: 0.6 |
| vendor: | cisco | model: | vpn concentrator | scope: | eq | version: | 30003.1.4 | Trust: 0.6 |
| vendor: | cisco | model: | vpn concentrator | scope: | eq | version: | 30003.0 | Trust: 0.6 |
| vendor: | cisco | model: | vpn concentrator | scope: | eq | version: | 30003.5.2 | Trust: 0.6 |
| vendor: | cisco | model: | vpn concentrator | scope: | eq | version: | 30003.5 | Trust: 0.6 |
| vendor: | cisco | model: | vpn concentrator | scope: | eq | version: | 30003.1.2 | Trust: 0.6 |
| vendor: | cisco | model: | vpn concentrator | scope: | eq | version: | 30002.0 | Trust: 0.6 |
| vendor: | cisco | model: | vpn concentrator | scope: | eq | version: | 30003.5.1 | Trust: 0.6 |
| vendor: | cisco | model: | vpn 3000 concentrator | scope: | eq | version: | 3.6\(rel\) | Trust: 0.6 |
| vendor: | cisco | model: | vpn 3000 concentrator | scope: | eq | version: | 3.1.1 | Trust: 0.6 |
| vendor: | cisco | model: | vpn 3000 concentrator | scope: | eq | version: | 3.1.2 | Trust: 0.6 |
| vendor: | cisco | model: | vpn 3000 concentrator | scope: | eq | version: | 3.1\(rel\) | Trust: 0.6 |
| vendor: | cisco | model: | vpn 3000 concentrator | scope: | eq | version: | 3.5.3 | Trust: 0.6 |
| vendor: | cisco | model: | vpn 3000 concentrator | scope: | eq | version: | 3.1.4 | Trust: 0.6 |
| vendor: | cisco | model: | vpn 3000 concentrator | scope: | eq | version: | 3.5\(rel\) | Trust: 0.6 |
| vendor: | cisco | model: | vpn 3000 concentrator | scope: | eq | version: | 3.5.4 | Trust: 0.6 |
| vendor: | cisco | model: | vpn 3000 concentrator | scope: | eq | version: | 3.5.1 | Trust: 0.6 |
| vendor: | cisco | model: | vpn 3000 concentrator | scope: | eq | version: | 3.5.2 | Trust: 0.6 |
| vendor: | cisco | model: | vpn concentrator | scope: | ne | version: | 30003.5.5 | Trust: 0.3 |
| vendor: | cisco | model: | vpn concentrator | scope: | ne | version: | 30003.6 | Trust: 0.3 |
| vendor: | cisco | model: | vpn concentrator | scope: | ne | version: | 30003.6.1 | Trust: 0.3 |
| vendor: | cisco | model: | vpn concentrator | scope: | eq | version: | 30003.6 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
network
Trust: 0.9
TYPE
Unknown
Trust: 0.9
EXTERNAL IDS
| db: | CERT/CC | id: | VU#761651 | Trust: 2.8 |
| db: | NVD | id: | CVE-2002-1103 | Trust: 2.0 |
| db: | BID | id: | 5619 | Trust: 1.1 |
| db: | BID | id: | 5609 | Trust: 1.1 |
| db: | CNNVD | id: | CNNVD-200210-038 | Trust: 0.7 |
| db: | CISCO | id: | 20020903 CISCO VPN 3000 CONCENTRATOR MULTIPLE VULNERABILITIES | Trust: 0.6 |
| db: | BID | id: | 89573 | Trust: 0.4 |
| db: | VULHUB | id: | VHN-5491 | Trust: 0.1 |
REFERENCES
| url: | http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml | Trust: 2.8 |
| url: | http://www.kb.cert.org/vuls/id/761651 | Trust: 2.0 |
| url: | http://www.ietf.org/rfc/rfc2401.txt | Trust: 0.8 |
| url: | http://www.ietf.org/rfc/rfc2408.txt | Trust: 0.8 |
| url: | http://online.securityfocus.com/bid/5609 | Trust: 0.8 |
| url: | http://online.securityfocus.com/bid/5619 | Trust: 0.8 |
| url: | http://online.securityfocus.com/archive/82/292506/2002-09-13/2002-09-19/0 | Trust: 0.8 |
| url: | http://www.iss.net/security_center/static/10028.php | Trust: 0.8 |
CREDITS
Vulnerability announced in a Cisco Security Advisory.
Trust: 0.6
SOURCES
| db: | CERT/CC | id: | VU#761651 |
| db: | VULHUB | id: | VHN-5491 |
| db: | BID | id: | 5619 |
| db: | BID | id: | 5609 |
| db: | BID | id: | 89573 |
| db: | CNNVD | id: | CNNVD-200210-038 |
| db: | NVD | id: | CVE-2002-1103 |
LAST UPDATE DATE
2024-08-14T14:16:19.312000+00:00
SOURCES UPDATE DATE
| db: | CERT/CC | id: | VU#761651 | date: | 2002-11-14T00:00:00 |
| db: | VULHUB | id: | VHN-5491 | date: | 2018-10-30T00:00:00 |
| db: | BID | id: | 5619 | date: | 2002-09-03T00:00:00 |
| db: | BID | id: | 5609 | date: | 2002-09-03T00:00:00 |
| db: | BID | id: | 89573 | date: | 2002-10-04T00:00:00 |
| db: | CNNVD | id: | CNNVD-200210-038 | date: | 2005-10-20T00:00:00 |
| db: | NVD | id: | CVE-2002-1103 | date: | 2018-10-30T16:26:19.107 |
SOURCES RELEASE DATE
| db: | CERT/CC | id: | VU#761651 | date: | 2002-09-03T00:00:00 |
| db: | VULHUB | id: | VHN-5491 | date: | 2002-10-04T00:00:00 |
| db: | BID | id: | 5619 | date: | 2002-09-03T00:00:00 |
| db: | BID | id: | 5609 | date: | 2002-09-03T00:00:00 |
| db: | BID | id: | 89573 | date: | 2002-10-04T00:00:00 |
| db: | CNNVD | id: | CNNVD-200210-038 | date: | 2002-10-04T00:00:00 |
| db: | NVD | id: | CVE-2002-1103 | date: | 2002-10-04T04:00:00 |