Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0258

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0258
Last Modified 10 Sep 2008 03:18:26
Published 27 May 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0258

Summary

Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.

Vulnerable Systems

Operating System

  • Cisco Vpn 3000 Concentrator 3.5%28rel%29

  • Cisco Vpn 3000 Concentrator 3.5.1

  • Cisco Vpn 3000 Concentrator 3.5.2

  • Cisco Vpn 3000 Concentrator 3.5.3

  • Cisco Vpn 3000 Concentrator 3.5.4

  • Cisco Vpn 3000 Concentrator 3.5.5

  • Cisco Vpn 3000 Concentrator 3.6

  • Cisco Vpn 3000 Concentrator 3.6.1

  • Cisco Vpn 3000 Concentrator 3.6.7d

  • Cisco Vpn 3000 Concentrator 4.0

  • Cisco Vpn 3005 Concentrator 3.6.3

  • Cisco Vpn 3005 Concentrator 3.6.5

  • Cisco Vpn 3005 Concentrator 3.6.7

  • Cisco Vpn 3005 Concentrator 3.6.7.a

  • Cisco Vpn 3005 Concentrator 3.6.7.b

  • Cisco Vpn 3005 Concentrator 3.6.7.c

  • Cisco Vpn 3005 Concentrator 3.6.7.d

  • Cisco Vpn 3005 Concentrator 4.0

  • Cisco Vpn 3005 Concentrator 4.0.1

Application

  • Cisco Vpn 3002 Hardware Client


References

CERT-VN - VU#727780

CISCO - 20030507 Cisco VPN 3000 Concentrator Vulnerabilities

XF - cisco-vpn-unauth-access(11954)


Last Updated: 27 May 2016 10:37:50