CVE-2001-0427

EPSS 0.86%
Published 18.06.2001 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Vpn 3000 Concentrator

Cisco ≫ Vpn 3005 Concentrator

Cisco ≫ Vpn 3015 Concentrator

Cisco ≫ Vpn 3030 Concentator

Cisco ≫ Vpn 3060 Concentrator

Cisco ≫ Vpn 3080 Concentrator

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.86%	0.728

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml

Patch

Vendor Advisory

http://www.osvdb.org/5643

https://exchange.xforce.ibmcloud.com/vulnerabilities/6298

https://nvd.nist.gov/vuln/detail/CVE-2001-0427

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2001-0427

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2001-0427

EUVD