CVE-2001-0427

Published Jun 18, 2001

Last updated 7 years ago

Overview

Description: Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.1
Impact score: 6.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:vpn_3000_concentrator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24BE2649-D823-486B-8F6C-4B8128EC2795"
          },
          {
            "criteria": "cpe:2.3:h:cisco:vpn_3005_concentrator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E098419B-1B9E-4191-9C72-65CE43E38F3B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A512328-2FD0-4B1D-9327-A13A0BCE9C0D"
          },
          {
            "criteria": "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6548F964-B8EE-4B39-87CF-99743D41C42C"
          },
          {
            "criteria": "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E08810E6-33B6-45FF-91C7-EED10DC023EA"
          },
          {
            "criteria": "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BD1A1AC-980F-428E-8BAF-0FC821014868"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References