cvelistv5 - CVE-2003-0258

CVE-2003-0258 (GCVE-0-2003-0258)

Vulnerability from cvelistv5 – Published: 2003-05-08 04:00 – Updated: 2024-08-08 01:50

Summary

Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.kb.cert.org/vuls/id/727780	third-party-advisoryx_refsource_CERT-VN
	http://www.cisco.com/warp/public/707/cisco-sa-200…	vendor-advisoryx_refsource_CISCO
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:50:46.866Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#727780",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/727780"
          },
          {
            "name": "20030507 Cisco VPN 3000 Concentrator Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml"
          },
          {
            "name": "cisco-vpn-unauth-access(11954)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11954"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-05-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "VU#727780",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/727780"
        },
        {
          "name": "20030507 Cisco VPN 3000 Concentrator Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml"
        },
        {
          "name": "cisco-vpn-unauth-access(11954)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11954"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0258",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#727780",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/727780"
            },
            {
              "name": "20030507 Cisco VPN 3000 Concentrator Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml"
            },
            {
              "name": "cisco-vpn-unauth-access(11954)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11954"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0258",
    "datePublished": "2003-05-08T04:00:00",
    "dateReserved": "2003-05-07T00:00:00",
    "dateUpdated": "2024-08-08T01:50:46.866Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A512328-2FD0-4B1D-9327-A13A0BCE9C0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6548F964-B8EE-4B39-87CF-99743D41C42C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E08810E6-33B6-45FF-91C7-EED10DC023EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BD1A1AC-980F-428E-8BAF-0FC821014868\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\\\(rel\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"207034E8-35F7-4E78-A3FC-C86D20EB8D9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C544E523-15E5-4CE5-8113-53454F5D9973\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B09F6EBD-C3FC-4680-BE31-A766D863237D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF8C3FDA-D321-4202-A8EA-6C1464558A8F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B68705AB-A133-401F-9F41-64594E071816\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9092680-E154-4EAB-A2D5-B692073F894E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EF5F3FA-5FA4-408E-BA62-3943C5DFD859\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADFC9764-5BF5-449F-9200-5569C13F8309\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F12F2AAC-DB5B-4C28-86C5-F59490362E54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"071F52AD-D59B-4673-BCBE-112B94D3EB66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80709CB0-D386-4C4F-B3EE-7A0501FD7248\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2AFAF42-B894-4D62-A9CF-3349A43191AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABE5BB7F-D8B4-441B-9F45-56F622EEAA52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B87A7EC-DC23-4075-8C4A-2317FF34BDB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98AC18E3-D12B-489D-9D95-6C9210235FB3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36291ADE-3D5A-4E49-8BA7-B71CAAA226B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D953DA9F-B54E-4941-85BE-48933C98DB55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vpn_3005_concentrator_software:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17196F00-9D7A-4AF6-AE1E-EA2E450A8ABD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:vpn_3002_hardware_client:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12ECF578-84BF-4F41-9462-C09FA517F2A0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.\"}, {\"lang\": \"es\", \"value\": \"Concentradores de Cisco de la serie VPN 3000 y Cisco VPN 3002 Hardware Client 2.x.x hasta 4.0.REL, cuando se configuran para permitir IPSec sobre TCP para un puerto del concentrador, permiten que atacantes remotos alcancen la red privada sin autentificaci\\u00f3n.\"}]",
      "id": "CVE-2003-0258",
      "lastModified": "2024-11-20T23:44:19.913",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2003-05-27T04:00:00.000",
      "references": "[{\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/727780\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/11954\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/727780\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/11954\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2003-0258\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2003-05-27T04:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.\"},{\"lang\":\"es\",\"value\":\"Concentradores de Cisco de la serie VPN 3000 y Cisco VPN 3002 Hardware Client 2.x.x hasta 4.0.REL, cuando se configuran para permitir IPSec sobre TCP para un puerto del concentrador, permiten que atacantes remotos alcancen la red privada sin autentificaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A512328-2FD0-4B1D-9327-A13A0BCE9C0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6548F964-B8EE-4B39-87CF-99743D41C42C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E08810E6-33B6-45FF-91C7-EED10DC023EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BD1A1AC-980F-428E-8BAF-0FC821014868\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\\\(rel\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"207034E8-35F7-4E78-A3FC-C86D20EB8D9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C544E523-15E5-4CE5-8113-53454F5D9973\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B09F6EBD-C3FC-4680-BE31-A766D863237D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF8C3FDA-D321-4202-A8EA-6C1464558A8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B68705AB-A133-401F-9F41-64594E071816\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9092680-E154-4EAB-A2D5-B692073F894E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EF5F3FA-5FA4-408E-BA62-3943C5DFD859\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADFC9764-5BF5-449F-9200-5569C13F8309\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F12F2AAC-DB5B-4C28-86C5-F59490362E54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"071F52AD-D59B-4673-BCBE-112B94D3EB66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80709CB0-D386-4C4F-B3EE-7A0501FD7248\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2AFAF42-B894-4D62-A9CF-3349A43191AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABE5BB7F-D8B4-441B-9F45-56F622EEAA52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B87A7EC-DC23-4075-8C4A-2317FF34BDB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98AC18E3-D12B-489D-9D95-6C9210235FB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36291ADE-3D5A-4E49-8BA7-B71CAAA226B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D953DA9F-B54E-4941-85BE-48933C98DB55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vpn_3005_concentrator_software:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17196F00-9D7A-4AF6-AE1E-EA2E450A8ABD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:vpn_3002_hardware_client:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12ECF578-84BF-4F41-9462-C09FA517F2A0\"}]}]}],\"references\":[{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/727780\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/11954\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/727780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/11954\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200305-0024

Vulnerability from variot - Updated: 2023-12-18 13:26

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200305-0024",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vpn 3005 concentrator software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "vpn 3000 concentrator series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.5.5"
      },
      {
        "model": "vpn 3000 concentrator series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.6.5"
      },
      {
        "model": "vpn 3000 concentrator series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.6.7.a"
      },
      {
        "model": "vpn 3000 concentrator series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.5.2"
      },
      {
        "model": "vpn 3000 concentrator series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "vpn 3000 concentrator series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.6.7.d"
      },
      {
        "model": "vpn 3000 concentrator series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.6.7"
      },
      {
        "model": "vpn 3000 concentrator series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.6.7.b"
      },
      {
        "model": "vpn 3030 concentator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "vpn 3000 concentrator series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.6.7d"
      },
      {
        "model": "vpn 3000 concentrator series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.6.1"
      },
      {
        "model": "vpn 3000 concentrator series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.5.4"
      },
      {
        "model": "vpn 3000 concentrator series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.5.3"
      },
      {
        "model": "vpn 3002 hardware client",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "vpn 3000 concentrator series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.6"
      },
      {
        "model": "vpn 3080 concentrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "vpn 3060 concentrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "vpn 3015 concentrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "vpn 3000 concentrator series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.5.1"
      },
      {
        "model": "vpn 3000 concentrator series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.6.3"
      },
      {
        "model": "vpn 3000 concentrator series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.6.7.c"
      },
      {
        "model": "vpn 3000 concentrator series software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.5\\(rel\\)"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "vpn 3060 concentrator",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "vpn 3000 concentrator",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3.5.3"
      },
      {
        "model": "vpn 3000 concentrator",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3.5.5"
      },
      {
        "model": "vpn 3000 concentrator",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3.5\\(rel\\)"
      },
      {
        "model": "vpn 3000 concentrator",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3.5.4"
      },
      {
        "model": "vpn 3000 concentrator",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3.5.1"
      },
      {
        "model": "vpn 3030 concentator",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "vpn 3000 concentrator",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3.5.2"
      },
      {
        "model": "vpn 3080 concentrator",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "vpn 3015 concentrator",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "vpn concentrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3080"
      },
      {
        "model": "vpn concentrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3060"
      },
      {
        "model": "vpn concentrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3015"
      },
      {
        "model": "vpn concentrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30054.0.1"
      },
      {
        "model": "vpn concentrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30054.0"
      },
      {
        "model": "vpn concentrator d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30053.6.7"
      },
      {
        "model": "vpn concentrator c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30053.6.7"
      },
      {
        "model": "vpn concentrator b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30053.6.7"
      },
      {
        "model": "vpn concentrator a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30053.6.7"
      },
      {
        "model": "vpn concentrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30053.6.7"
      },
      {
        "model": "vpn concentrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30053.6.5"
      },
      {
        "model": "vpn concentrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30053.6.3"
      },
      {
        "model": "vpn hardware client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3002"
      },
      {
        "model": "vpn concentrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30004.0"
      },
      {
        "model": "vpn concentrator d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30003.6.7"
      },
      {
        "model": "vpn concentrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30003.6.1"
      },
      {
        "model": "vpn concentrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30003.6"
      },
      {
        "model": "vpn concentrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30003.5.5"
      },
      {
        "model": "vpn concentrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30003.5.4"
      },
      {
        "model": "vpn concentrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30003.5.3"
      },
      {
        "model": "vpn concentrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30003.5.2"
      },
      {
        "model": "vpn concentrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30003.5.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#727780"
      },
      {
        "db": "BID",
        "id": "86910"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200305-065"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\(rel\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3005_concentrator_software:4.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.c:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.d:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:vpn_3002_hardware_client:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0258"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "86910"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2003-0258",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-7087",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2003-0258",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#727780",
            "trust": 0.8,
            "value": "23.73"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200305-065",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-7087",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#727780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7087"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200305-065"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0258"
      },
      {
        "db": "CERT/CC",
        "id": "VU#727780"
      },
      {
        "db": "BID",
        "id": "86910"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7087"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#727780",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0258",
        "trust": 2.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200305-065",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20030507 CISCO VPN 3000 CONCENTRATOR VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "11954",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "86910",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-7087",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#727780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7087"
      },
      {
        "db": "BID",
        "id": "86910"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200305-065"
      }
    ]
  },
  "id": "VAR-200305-0024",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-7087"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:26:09.752000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0258"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml"
      },
      {
        "trust": 2.0,
        "url": "http://www.kb.cert.org/vuls/id/727780"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11954"
      },
      {
        "trust": 0.8,
        "url": "http://www.iss.net/security_center/static/11954.php"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/11954"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#727780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7087"
      },
      {
        "db": "BID",
        "id": "86910"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200305-065"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#727780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7087"
      },
      {
        "db": "BID",
        "id": "86910"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200305-065"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-06-23T00:00:00",
        "db": "CERT/CC",
        "id": "VU#727780"
      },
      {
        "date": "2003-05-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-7087"
      },
      {
        "date": "2003-05-27T00:00:00",
        "db": "BID",
        "id": "86910"
      },
      {
        "date": "2003-05-27T04:00:00",
        "db": "NVD",
        "id": "CVE-2003-0258"
      },
      {
        "date": "2003-05-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200305-065"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-06-23T00:00:00",
        "db": "CERT/CC",
        "id": "VU#727780"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-7087"
      },
      {
        "date": "2003-05-27T00:00:00",
        "db": "BID",
        "id": "86910"
      },
      {
        "date": "2018-10-30T16:26:19.357000",
        "db": "NVD",
        "id": "CVE-2003-0258"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200305-065"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200305-065"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco VPN 3000 Concentrator may allow access to internal hosts when IPsec over TCP is enabled",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#727780"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "unknown",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200305-065"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2003-0258

Vulnerability from fkie_nvd - Published: 2003-05-27 04:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml	Patch, Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/727780	US Government Resource
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/11954
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/727780	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/11954

Impacted products

Vendor	Product	Version
cisco	vpn_3015_concentrator	*
cisco	vpn_3030_concentator	*
cisco	vpn_3060_concentrator	*
cisco	vpn_3080_concentrator	*
cisco	vpn_3000_concentrator_series_software	3.5\(rel\)
cisco	vpn_3000_concentrator_series_software	3.5.1
cisco	vpn_3000_concentrator_series_software	3.5.2
cisco	vpn_3000_concentrator_series_software	3.5.3
cisco	vpn_3000_concentrator_series_software	3.5.4
cisco	vpn_3000_concentrator_series_software	3.5.5
cisco	vpn_3000_concentrator_series_software	3.6
cisco	vpn_3000_concentrator_series_software	3.6.1
cisco	vpn_3000_concentrator_series_software	3.6.3
cisco	vpn_3000_concentrator_series_software	3.6.5
cisco	vpn_3000_concentrator_series_software	3.6.7
cisco	vpn_3000_concentrator_series_software	3.6.7.a
cisco	vpn_3000_concentrator_series_software	3.6.7.b
cisco	vpn_3000_concentrator_series_software	3.6.7.c
cisco	vpn_3000_concentrator_series_software	3.6.7.d
cisco	vpn_3000_concentrator_series_software	3.6.7d
cisco	vpn_3000_concentrator_series_software	4.0
cisco	vpn_3005_concentrator_software	4.0.1
cisco	vpn_3002_hardware_client	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A512328-2FD0-4B1D-9327-A13A0BCE9C0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6548F964-B8EE-4B39-87CF-99743D41C42C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08810E6-33B6-45FF-91C7-EED10DC023EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BD1A1AC-980F-428E-8BAF-0FC821014868",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\(rel\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "207034E8-35F7-4E78-A3FC-C86D20EB8D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C544E523-15E5-4CE5-8113-53454F5D9973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B09F6EBD-C3FC-4680-BE31-A766D863237D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF8C3FDA-D321-4202-A8EA-6C1464558A8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B68705AB-A133-401F-9F41-64594E071816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9092680-E154-4EAB-A2D5-B692073F894E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EF5F3FA-5FA4-408E-BA62-3943C5DFD859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADFC9764-5BF5-449F-9200-5569C13F8309",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F12F2AAC-DB5B-4C28-86C5-F59490362E54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "071F52AD-D59B-4673-BCBE-112B94D3EB66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "80709CB0-D386-4C4F-B3EE-7A0501FD7248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2AFAF42-B894-4D62-A9CF-3349A43191AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.b:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABE5BB7F-D8B4-441B-9F45-56F622EEAA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.c:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B87A7EC-DC23-4075-8C4A-2317FF34BDB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.d:*:*:*:*:*:*:*",
              "matchCriteriaId": "98AC18E3-D12B-489D-9D95-6C9210235FB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:*:*:*:*:*:*:*",
              "matchCriteriaId": "36291ADE-3D5A-4E49-8BA7-B71CAAA226B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D953DA9F-B54E-4941-85BE-48933C98DB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vpn_3005_concentrator_software:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17196F00-9D7A-4AF6-AE1E-EA2E450A8ABD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:vpn_3002_hardware_client:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12ECF578-84BF-4F41-9462-C09FA517F2A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication."
    },
    {
      "lang": "es",
      "value": "Concentradores de Cisco de la serie VPN 3000 y Cisco VPN 3002 Hardware Client 2.x.x hasta 4.0.REL, cuando se configuran para permitir IPSec sobre TCP para un puerto del concentrador, permiten que atacantes remotos alcancen la red privada sin autentificaci\u00f3n."
    }
  ],
  "id": "CVE-2003-0258",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-05-27T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/727780"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/727780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11954"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2003-0258

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2003-0258

Aliases

CVE-2003-0258

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2003-0258",
    "description": "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.",
    "id": "GSD-2003-0258"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2003-0258"
      ],
      "details": "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.",
      "id": "GSD-2003-0258",
      "modified": "2023-12-13T01:22:13.266021Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2003-0258",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#727780",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/727780"
          },
          {
            "name": "20030507 Cisco VPN 3000 Concentrator Vulnerabilities",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml"
          },
          {
            "name": "cisco-vpn-unauth-access(11954)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11954"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\(rel\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3005_concentrator_software:4.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.c:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.d:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:vpn_3002_hardware_client:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0258"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030507 Cisco VPN 3000 Concentrator Vulnerabilities",
              "refsource": "CISCO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml"
            },
            {
              "name": "VU#727780",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/727780"
            },
            {
              "name": "cisco-vpn-unauth-access(11954)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11954"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:26Z",
      "publishedDate": "2003-05-27T04:00Z"
    }
  }
}

GHSA-JV37-PVX6-RJX4

Vulnerability from github – Published: 2022-04-29 01:26 – Updated: 2022-04-29 01:26

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2003-0258"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2003-05-27T04:00:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.",
  "id": "GHSA-jv37-pvx6-rjx4",
  "modified": "2022-04-29T01:26:06Z",
  "published": "2022-04-29T01:26:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0258"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11954"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/727780"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2003-0258 (GCVE-0-2003-0258)

VAR-200305-0024

FKIE_CVE-2003-0258

GSD-2003-0258

GHSA-JV37-PVX6-RJX4

Tags

Sightings

Nomenclature