CVE-2001-0427

EPSS 0.86%
Veröffentlicht 18.06.2001 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Vpn 3000 Concentrator

Cisco ≫ Vpn 3005 Concentrator

Cisco ≫ Vpn 3015 Concentrator

Cisco ≫ Vpn 3030 Concentator

Cisco ≫ Vpn 3060 Concentrator

Cisco ≫ Vpn 3080 Concentrator

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.86%	0.728

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml

Patch

Vendor Advisory

http://www.osvdb.org/5643

https://exchange.xforce.ibmcloud.com/vulnerabilities/6298

https://nvd.nist.gov/vuln/detail/CVE-2001-0427

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2001-0427

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2001-0427

EUVD