Details of VAR-200210-0275

ID

VAR-200210-0275

CVE

CVE-2002-1104

TITLE

Cisco VPN Client NETBIOS TCP Packet Remote Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200210-163

DESCRIPTION

Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS). It is possible for a remote attacker to exploit this condition to shut down a connection that the client has initiated by sending a NETBIOS packet to port 137 of the host running the client. It can be used under the Microsoft Windows operating system, and can also be used under the Linux operating system. CISCO designated this vulnerability number as: CSCdt35749

Trust: 1.26

sources: NVD: CVE-2002-1104 // BID: 5649 // VULHUB: VHN-5492

AFFECTED PRODUCTS

vendor:	cisco	model:	vpn client	scope:	eq	version:	2.0	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.0	Trust: 1.6
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	ne	version:	3.0.5	Trust: 0.3

sources: BID: 5649 // CNNVD: CNNVD-200210-163 // NVD: CVE-2002-1104

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1104
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200210-163
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5492
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1104
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5492
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5492 // CNNVD: CNNVD-200210-163 // NVD: CVE-2002-1104

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1104

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200210-163

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200210-163

EXTERNAL IDS

db:	BID	id:	5649	Trust: 2.0
db:	NVD	id:	CVE-2002-1104	Trust: 1.7
db:	CNNVD	id:	CNNVD-200210-163	Trust: 0.7
db:	CISCO	id:	20020905 CISCO VPN CLIENT MULTIPLE VULNERABILITIES - SECOND SET	Trust: 0.6
db:	XF	id:	10042	Trust: 0.6
db:	VULHUB	id:	VHN-5492	Trust: 0.1

sources: VULHUB: VHN-5492 // BID: 5649 // CNNVD: CNNVD-200210-163 // NVD: CVE-2002-1104

REFERENCES

url:	http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml	Trust: 3.0
url:	http://www.securityfocus.com/bid/5649	Trust: 2.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/10042	Trust: 2.1
url:	http://xforce.iss.net/xforce/xfdb/10042	Trust: 0.6

sources: VULHUB: VHN-5492 // BID: 5649 // CNNVD: CNNVD-200210-163 // NVD: CVE-2002-1104

CREDITS

Cisco Security Advisory

Trust: 0.6

sources: CNNVD: CNNVD-200210-163

SOURCES

db:	VULHUB	id:	VHN-5492
db:	BID	id:	5649
db:	CNNVD	id:	CNNVD-200210-163
db:	NVD	id:	CVE-2002-1104

LAST UPDATE DATE

2024-11-22T22:58:41.363000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5492	date:	2017-10-10T00:00:00
db:	BID	id:	5649	date:	2002-09-05T00:00:00
db:	CNNVD	id:	CNNVD-200210-163	date:	2005-05-13T00:00:00
db:	NVD	id:	CVE-2002-1104	date:	2024-11-20T23:40:36.220

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5492	date:	2002-10-04T00:00:00
db:	BID	id:	5649	date:	2002-09-05T00:00:00
db:	CNNVD	id:	CNNVD-200210-163	date:	2002-09-05T00:00:00
db:	NVD	id:	CVE-2002-1104	date:	2002-10-04T04:00:00