Sign-up

ID

VAR-200212-0703


CVE

CVE-2002-2379


TITLE

Cisco AS5350 Universal Gateway Remote Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200212-298

DESCRIPTION

Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the vendor. The Cisco AS5350 Universal Gateway is reported to be prone to a denial of service condition. It is possible to cause this condition by portscanning a vulnerable device. This issue was reported for Cisco AS5350 devices running Cisco IOS release 12.2(11)T. Other firmware and devices may also be affected. There are conflicting reports regarding the existence of this vulnerability. Other sources have indicated that the issue may be related to a configuration problem. Attackers can use the Nmap scanner to scan the ports 1-65535 of the Cisco AS5350 Universal Gateway, which can cause the system to hang and require a restart of the device to obtain normal functions. However, there are many different views on this issue. improper

Trust: 1.26

sources: NVD: CVE-2002-2379 // BID: 6059 // VULHUB: VHN-6762

AFFECTED PRODUCTS

vendor:ciscomodel:as5350scope:eqversion:12.2\(11t\)

Trust: 1.6

vendor:ciscomodel:ios 12.2 tscope: - version: -

Trust: 0.3

vendor:ciscomodel:as5350scope: - version: -

Trust: 0.3

sources: BID: 6059 // CNNVD: CNNVD-200212-298 // NVD: CVE-2002-2379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-2379
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200212-298
value: HIGH

Trust: 0.6

VULHUB: VHN-6762
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-2379
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-6762
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-6762 // CNNVD: CNNVD-200212-298 // NVD: CVE-2002-2379

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.1

sources: VULHUB: VHN-6762 // NVD: CVE-2002-2379

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-298

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-200212-298

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-6762

EXTERNAL IDS
db:BIDid:6059
Trust: 2.0
db:NVDid:CVE-2002-2379
Trust: 1.7
db:CNNVDid:CNNVD-200212-298
Trust: 0.7
db:NSFOCUSid:3747
Trust: 0.6
db:BUGTRAQid:20021029 RE: CISCO AS5350 CRASHES WITH NMAP CONNECT SCAN
Trust: 0.6
db:BUGTRAQid:20021028 CISCO AS5350 CRASHES WITH NMAP CONNECT SCAN
Trust: 0.6
db:CISCOid:20021029 RESPONSE TO BUGTRAQ - CISCO AS5350 CRASHES WITH NMAP CONNECT SCAN
Trust: 0.6
db:XFid:5350
Trust: 0.6
db:EXPLOIT-DBid:21971
Trust: 0.1
db:VULHUBid:VHN-6762
Trust: 0.1
sources:
            
            
            VULHUB: VHN-6762 // 
            
            
            
            BID: 6059 // 
            
            
            
            CNNVD: CNNVD-200212-298 // 
            
            
            
            NVD: CVE-2002-2379

REFERENCES
url:http://www.securityfocus.com/bid/6059
Trust: 1.7
url:http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00397.html
Trust: 1.7
url:http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00411.html
Trust: 1.7
url:http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00413.html
Trust: 1.7
url:http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00420.html
Trust: 1.7
url:http://www.cisco.com/en/us/products/hw/univgate/ps501/products_security_notice09186a008024dba2.html
Trust: 1.7
url:http://www.iss.net/security_center/static/10522.php
Trust: 1.7
url:http://www.nsfocus.net/vulndb/3747
Trust: 0.6
url:/archive/1/297689
Trust: 0.3
url:/archive/1/297691
Trust: 0.3
url:/archive/1/297710
Trust: 0.3
sources:
            
            
            VULHUB: VHN-6762 // 
            
            
            
            BID: 6059 // 
            
            
            
            CNNVD: CNNVD-200212-298 // 
            
            
            
            NVD: CVE-2002-2379

CREDITS
Thomas Munn※ munn@bigfoot.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200212-298

SOURCES
db:VULHUBid:VHN-6762
db:BIDid:6059
db:CNNVDid:CNNVD-200212-298
db:NVDid:CVE-2002-2379

LAST UPDATE DATE
2024-08-14T13:40:32.474000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-6762date:2008-09-05T00:00:00
db:BIDid:6059date:2002-10-28T00:00:00
db:CNNVDid:CNNVD-200212-298date:2002-12-31T00:00:00
db:NVDid:CVE-2002-2379date:2024-08-08T04:17:03.280

SOURCES RELEASE DATE
db:VULHUBid:VHN-6762date:2002-12-31T00:00:00
db:BIDid:6059date:2002-10-28T00:00:00
db:CNNVDid:CNNVD-200212-298date:2002-08-28T00:00:00
db:NVDid:CVE-2002-2379date:2002-12-31T05:00:00