Details of VAR-200401-0043

ID

VAR-200401-0043

CVE

CVE-2003-1002

TITLE

Cisco FWSM Multiple security vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-200401-024

DESCRIPTION

Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set. CSCeb16356 (HTTP Auth) Vulnerability: Passing HTTP Auth requests using TACACS+ or RADIUS authentication can cause Cisco FWSM to crash and reload due to send buffer overflow. This request can be initiated by the user by initiating an FTP, TELNET or HTTP connection. Cisco FWSM will only allow communication if the username and password are authenticated by the specified ACACS+ or RADIUS server. CSCeb88419 (SNMPv3) Vulnerability When configuring snmp-server host <if_name> <ip_addr> or snmp-server host <if_name> <ip_addr> poll on the Cisco FWSM module, when processing the received SNMPv3 message, the Cisco FWSM may crash and generate a rejection Serve. This vulnerability is not affected only when the snmp-server host <if_name> <ip_addr> trap command is configured on the Cisco FWSM module

Trust: 1.26

sources: NVD: CVE-2003-1002 // BID: 88263 // VULHUB: VHN-7827

AFFECTED PRODUCTS

vendor:	cisco	model:	catalyst 6500 ws-svc-nam-2	scope:	eq	version:	2.2\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 7600 ws-svc-nam-1	scope:	eq	version:	3.1\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 6500 ws-x6380-nam	scope:	eq	version:	2.1\(2\)	Trust: 1.6
vendor:	cisco	model:	catalyst 7600 ws-svc-nam-1	scope:	eq	version:	2.2\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 6500 ws-svc-nam-1	scope:	eq	version:	3.1\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 6500 ws-svc-nam-1	scope:	eq	version:	2.2\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 6500 ws-x6380-nam	scope:	eq	version:	3.1\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 7600 ws-svc-nam-2	scope:	eq	version:	2.2\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 6500 ws-svc-nam-2	scope:	eq	version:	3.1\(1a\)	Trust: 1.6
vendor:	cisco	model:	firewall services module	scope:	eq	version:	1.1.2	Trust: 1.3
vendor:	cisco	model:	catalyst 7600 ws-x6380-nam	scope:	eq	version:	3.1\(1a\)	Trust: 1.0
vendor:	cisco	model:	catos	scope:	eq	version:	5.4\(1\)	Trust: 1.0
vendor:	cisco	model:	catos	scope:	eq	version:	7.5\(1\)	Trust: 1.0
vendor:	cisco	model:	catalyst 7600 ws-svc-nam-2	scope:	eq	version:	3.1\(1a\)	Trust: 1.0
vendor:	cisco	model:	catalyst 6500	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	catos	scope:	eq	version:	7.6\(1\)	Trust: 1.0
vendor:	cisco	model:	firewall services module	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	catalyst 7600 ws-x6380-nam	scope:	eq	version:	2.1\(2\)	Trust: 1.0
vendor:	cisco	model:	catalyst 6500	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	catos	scope:	eq	version:	7.5(1)	Trust: 0.3
vendor:	cisco	model:	catalyst ws-x6380-nam	scope:	eq	version:	76003.1	Trust: 0.3
vendor:	cisco	model:	catalyst ws-svc-nam-2	scope:	eq	version:	76003.1	Trust: 0.3
vendor:	cisco	model:	catalyst ws-x6380-nam	scope:	eq	version:	76002.1	Trust: 0.3
vendor:	cisco	model:	catalyst ws-svc-nam-1	scope:	eq	version:	65002.2	Trust: 0.3
vendor:	cisco	model:	catalyst	scope:	eq	version:	6500	Trust: 0.3

sources: BID: 88263 // CNNVD: CNNVD-200401-024 // NVD: CVE-2003-1002

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-1002
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200401-024
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-7827
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2003-1002
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-7827
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-7827 // CNNVD: CNNVD-200401-024 // NVD: CVE-2003-1002

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-1002

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200401-024

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200401-024

EXTERNAL IDS

db:	NVD	id:	CVE-2003-1002	Trust: 2.0
db:	CNNVD	id:	CNNVD-200401-024	Trust: 0.7
db:	CISCO	id:	20031215 CISCO FWSM VULNERABILITIES	Trust: 0.6
db:	BID	id:	88263	Trust: 0.3
db:	VULHUB	id:	VHN-7827	Trust: 0.1

sources: VULHUB: VHN-7827 // BID: 88263 // CNNVD: CNNVD-200401-024 // NVD: CVE-2003-1002

REFERENCES

url:

http://www.cisco.com/warp/public/707/cisco-sa-20031215-fwsm.shtml

Trust: 2.0

sources: VULHUB: VHN-7827 // BID: 88263 // CNNVD: CNNVD-200401-024 // NVD: CVE-2003-1002

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200401-024

SOURCES

db:	VULHUB	id:	VHN-7827
db:	BID	id:	88263
db:	CNNVD	id:	CNNVD-200401-024
db:	NVD	id:	CVE-2003-1002

LAST UPDATE DATE

2024-08-14T13:40:23.378000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-7827	date:	2008-09-10T00:00:00
db:	BID	id:	88263	date:	2016-07-06T14:33:00
db:	CNNVD	id:	CNNVD-200401-024	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-1002	date:	2008-09-10T19:21:24.413

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-7827	date:	2004-01-05T00:00:00
db:	BID	id:	88263	date:	2004-01-05T00:00:00
db:	CNNVD	id:	CNNVD-200401-024	date:	2003-12-15T00:00:00
db:	NVD	id:	CVE-2003-1002	date:	2004-01-05T05:00:00