Details of VAR-200401-0045

ID

VAR-200401-0045

CVE

CVE-2003-1004

TITLE

Cisco PIX Firewall In VPNC IPSec Vulnerability that can break the tunnel

Trust: 0.8

sources: JVNDB: JVNDB-2003-000378

DESCRIPTION

Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall. Cisco PIX has been reported prone to multiple remote denial of service vulnerabilities. The first issue has been reported to present itself when the affected PIX firewall processes an SNMPv3 message, in certain circumstances. Specifically, if the Cisco PIX device receives and processes an SNMPv3 message, the PIX firewall will crash and reload. PIX Firewall is prone to a denial-of-service vulnerability

Trust: 2.34

sources: NVD: CVE-2003-1004 // JVNDB: JVNDB-2003-000378 // BID: 9221 // BID: 77833 // VULHUB: VHN-7829 // VULMON: CVE-2003-1004

AFFECTED PRODUCTS

vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.2	Trust: 2.0
vendor:	cisco	model:	pix firewall software	scope:	eq	version:	6.2\(3.100\)	Trust: 1.6
vendor:	cisco	model:	pix firewall software	scope:	eq	version:	6.2\(2\)	Trust: 1.6
vendor:	cisco	model:	pix firewall software	scope:	eq	version:	6.2\(3\)	Trust: 1.6
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.2.2_.111	Trust: 1.6
vendor:	cisco	model:	pix firewall software	scope:	eq	version:	6.2\(1\)	Trust: 1.6
vendor:	cisco	model:	pix firewall software	scope:	eq	version:	6.2	Trust: 1.0
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.2.2.111	Trust: 0.6
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.2(3)	Trust: 0.6
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.2(2)	Trust: 0.6
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.2(1)	Trust: 0.6
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.2\(3\)	Trust: 0.6
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.2\(1\)	Trust: 0.6
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.2\(2\)	Trust: 0.6
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.2\(3.100\)	Trust: 0.6
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.3(1)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.3	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.2(3.100)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.1(5)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.1(4)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.1(3)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.1(2)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.1(1)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.1	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.0(4.101)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.0(4)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.0(2)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.0(1)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.0	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	5.3(3)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	5.3(2)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	5.3(1.200)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	5.3(1)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	5.3	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	5.2(9)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	5.2(7)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	5.2(6)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	5.2(5)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	5.2(3.210)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	5.2(2)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	5.2(1)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	5.2	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	5.1(4.206)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	5.1	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	eq	version:	5.0	Trust: 0.3
vendor:	cisco	model:	firewall services module	scope:	eq	version:	2.1(0.208)	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	ne	version:	6.3.2	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	ne	version:	6.2.3	Trust: 0.3
vendor:	cisco	model:	pix firewall	scope:	ne	version:	6.1.5	Trust: 0.3

sources: BID: 9221 // BID: 77833 // JVNDB: JVNDB-2003-000378 // CNNVD: CNNVD-200401-021 // NVD: CVE-2003-1004

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-1004
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2003-1004
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200401-021
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-7829
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2003-1004
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2003-1004
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-7829
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-7829 // VULMON: CVE-2003-1004 // JVNDB: JVNDB-2003-000378 // CNNVD: CNNVD-200401-021 // NVD: CVE-2003-1004

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-1004

THREAT TYPE

network

Trust: 0.6

sources: BID: 9221 // BID: 77833

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200401-021

CONFIGURATIONS

sources: JVNDB: JVNDB-2003-000378

PATCH

title:	cisco-sa-20031215-pix	url:	http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml	Trust: 0.8
title:	Cisco: Cisco PIX Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20031215-pix	Trust: 0.1

sources: VULMON: CVE-2003-1004 // JVNDB: JVNDB-2003-000378

EXTERNAL IDS

db:	NVD	id:	CVE-2003-1004	Trust: 2.9
db:	BID	id:	9221	Trust: 1.1
db:	SECTRACK	id:	1008475	Trust: 0.8
db:	JVNDB	id:	JVNDB-2003-000378	Trust: 0.8
db:	CNNVD	id:	CNNVD-200401-021	Trust: 0.7
db:	CISCO	id:	20031215 CISCO PIX VULNERABILITIES	Trust: 0.6
db:	BID	id:	77833	Trust: 0.5
db:	VULHUB	id:	VHN-7829	Trust: 0.1
db:	VULMON	id:	CVE-2003-1004	Trust: 0.1

sources: VULHUB: VHN-7829 // VULMON: CVE-2003-1004 // BID: 9221 // BID: 77833 // JVNDB: JVNDB-2003-000378 // CNNVD: CNNVD-200401-021 // NVD: CVE-2003-1004

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml	Trust: 2.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-1004	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-1004	Trust: 0.8
url:	http://www.securityfocus.com/bid/9221	Trust: 0.8
url:	http://www.securitytracker.com/alerts/2003/dec/1008475.html	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/77833	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=7085	Trust: 0.1

sources: VULHUB: VHN-7829 // VULMON: CVE-2003-1004 // BID: 9221 // BID: 77833 // JVNDB: JVNDB-2003-000378 // CNNVD: CNNVD-200401-021 // NVD: CVE-2003-1004

CREDITS

The vendor announced these vulnerabilities.

Trust: 0.3

sources: BID: 9221

SOURCES

db:	VULHUB	id:	VHN-7829
db:	VULMON	id:	CVE-2003-1004
db:	BID	id:	9221
db:	BID	id:	77833
db:	JVNDB	id:	JVNDB-2003-000378
db:	CNNVD	id:	CNNVD-200401-021
db:	NVD	id:	CVE-2003-1004

LAST UPDATE DATE

2024-08-14T14:23:06.021000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-7829	date:	2018-10-30T00:00:00
db:	VULMON	id:	CVE-2003-1004	date:	2018-10-30T00:00:00
db:	BID	id:	9221	date:	2003-12-15T00:00:00
db:	BID	id:	77833	date:	2004-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2003-000378	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200401-021	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-1004	date:	2018-10-30T16:26:18.060

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-7829	date:	2004-01-05T00:00:00
db:	VULMON	id:	CVE-2003-1004	date:	2004-01-05T00:00:00
db:	BID	id:	9221	date:	2003-12-15T00:00:00
db:	BID	id:	77833	date:	2004-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2003-000378	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200401-021	date:	2004-01-05T00:00:00
db:	NVD	id:	CVE-2003-1004	date:	2004-01-05T05:00:00