Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.4
CVE Id CVE-2002-2139
Last Modified 05 Sep 2008 04:32:25
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-2139

Summary

Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack.

Vulnerable Systems

Operating System

  • Cisco Pix Firewall 6.0

  • Cisco Pix Firewall 6.0(1)

  • Cisco Pix Firewall 6.0(2)

  • Cisco Pix Firewall 6.0(3)

  • Cisco Pix Firewall 6.1

  • Cisco Pix Firewall 6.1(2)

  • Cisco Pix Firewall 6.1(3)


References

BID - 6211

CIAC - N-017

XF - cisco-pix-isakmp-sa-mitm(10660)

CISCO - 20021120 Cisco PIX Multiple Vulnerabilities


Last Updated: 27 May 2016 10:37:38