ID

VAR-200305-0025


CVE

CVE-2003-0259


TITLE

Cisco VPN 3000 Concentrator forces device to reload when processing malformed SSH initialization packet

Trust: 0.8

sources: CERT/CC: VU#317348

DESCRIPTION

Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet. Provide services to merchants or enterprise users. There is no detailed vulnerability details at present, the CISCO BUG ID is: CSCdz15393

Trust: 1.98

sources: NVD: CVE-2003-0259 // CERT/CC: VU#317348 // BID: 86902 // VULHUB: VHN-7088

AFFECTED PRODUCTS

vendor:ciscomodel:vpn concentratorscope:eqversion:30002.5.2

Trust: 1.5

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:2.0

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:2.5.2.a

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.0.3.b

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.6.3

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.6.5

Trust: 1.0

vendor:ciscomodel:vpn 3002 hardware clientscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:2.5.2.b

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.0.4

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.0.3.a

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:2.5.2.c

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:2.5.2.d

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.1

Trust: 1.0

vendor:ciscomodel:vpn 3015 concentratorscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.1.1

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.1.2

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.1.4

Trust: 1.0

vendor:ciscomodel:vpn 3030 concentatorscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.6

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.6.7d

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.5\(rel\)

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.6.7

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:2.5.2.f

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.6.7.a

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.5.4

Trust: 1.0

vendor:ciscomodel:vpn 3080 concentratorscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.6.7.c

Trust: 1.0

vendor:ciscomodel:vpn 3060 concentratorscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.1\(rel\)

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.5.3

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.5.2

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.5.1

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.5.5

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.6.1

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.6.7.b

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.6.7.d

Trust: 1.0

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.0

Trust: 1.0

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.1

Trust: 0.6

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.0.3

Trust: 0.6

vendor:ciscomodel:vpn 3000 concentratorscope:eqversion:3.6.7d

Trust: 0.6

vendor:ciscomodel:vpn 3000 concentratorscope:eqversion:3.6

Trust: 0.6

vendor:ciscomodel:vpn 3005 concentratorscope:eqversion:3.6.7.d

Trust: 0.6

vendor:ciscomodel:vpn 3000 concentratorscope:eqversion:3.5.5

Trust: 0.6

vendor:ciscomodel:vpn 3000 concentratorscope:eqversion:3.5.4

Trust: 0.6

vendor:ciscomodel:vpn 3000 concentratorscope:eqversion:3.6.7

Trust: 0.6

vendor:ciscomodel:vpn 3000 concentratorscope:eqversion:3.0.4

Trust: 0.6

vendor:ciscomodel:vpn 3000 concentratorscope:eqversion:3.0.3.b

Trust: 0.6

vendor:ciscomodel:vpn 3000 concentratorscope:eqversion:3.6.1

Trust: 0.6

vendor:ciscomodel:vpn 3005 concentratorscope:eqversion:3.6.7.c

Trust: 0.6

vendor:ciscomodel:vpn concentratorscope:eqversion:3080

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:3060

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:3015

Trust: 0.3

vendor:ciscomodel:vpn concentrator dscope:eqversion:30053.6.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator cscope:eqversion:30053.6.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator bscope:eqversion:30053.6.7

Trust: 0.3

vendor:ciscomodel:vpn concentrator ascope:eqversion:30053.6.7

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30053.6.7

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30053.6.5

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30053.6.3

Trust: 0.3

vendor:ciscomodel:vpn hardware clientscope:eqversion:3002

Trust: 0.3

vendor:ciscomodel:vpn concentrator dscope:eqversion:30003.6.7

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.6.7

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.6.1

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.6

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.5.5

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.5.4

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.5.3

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.5.2

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.5.1

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.1.4

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.1.2

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.1.1

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.0.4

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.0

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30002.0

Trust: 0.3

sources: CERT/CC: VU#317348 // BID: 86902 // CNNVD: CNNVD-200305-074 // NVD: CVE-2003-0259

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0259
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#317348
value: 6.75

Trust: 0.8

CNNVD: CNNVD-200305-074
value: MEDIUM

Trust: 0.6

VULHUB: VHN-7088
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2003-0259
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-7088
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#317348 // VULHUB: VHN-7088 // CNNVD: CNNVD-200305-074 // NVD: CVE-2003-0259

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0259

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200305-074

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200305-074

EXTERNAL IDS

db:CERT/CCid:VU#317348

Trust: 2.8

db:NVDid:CVE-2003-0259

Trust: 2.0

db:CNNVDid:CNNVD-200305-074

Trust: 0.7

db:CISCOid:20030507 CISCO VPN 3000 CONCENTRATOR VULNERABILITIES

Trust: 0.6

db:XFid:11955

Trust: 0.6

db:BIDid:86902

Trust: 0.4

db:VULHUBid:VHN-7088

Trust: 0.1

sources: CERT/CC: VU#317348 // VULHUB: VHN-7088 // BID: 86902 // CNNVD: CNNVD-200305-074 // NVD: CVE-2003-0259

REFERENCES

url:http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml

Trust: 2.8

url:http://www.kb.cert.org/vuls/id/317348

Trust: 2.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/11955

Trust: 1.1

url:http://www.iss.net/security_center/static/11955.php

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/11955

Trust: 0.6

sources: CERT/CC: VU#317348 // VULHUB: VHN-7088 // BID: 86902 // CNNVD: CNNVD-200305-074 // NVD: CVE-2003-0259

CREDITS

Cisco Systems Product Security Incident Response Team※ psirt@cisco.com

Trust: 0.6

sources: CNNVD: CNNVD-200305-074

SOURCES

db:CERT/CCid:VU#317348
db:VULHUBid:VHN-7088
db:BIDid:86902
db:CNNVDid:CNNVD-200305-074
db:NVDid:CVE-2003-0259

LAST UPDATE DATE

2024-08-14T14:29:30.893000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#317348date:2003-06-23T00:00:00
db:VULHUBid:VHN-7088date:2018-10-30T00:00:00
db:BIDid:86902date:2003-05-27T00:00:00
db:CNNVDid:CNNVD-200305-074date:2005-10-20T00:00:00
db:NVDid:CVE-2003-0259date:2018-10-30T16:26:19.230

SOURCES RELEASE DATE

db:CERT/CCid:VU#317348date:2003-06-23T00:00:00
db:VULHUBid:VHN-7088date:2003-05-27T00:00:00
db:BIDid:86902date:2003-05-27T00:00:00
db:CNNVDid:CNNVD-200305-074date:2003-05-27T00:00:00
db:NVDid:CVE-2003-0259date:2003-05-27T04:00:00