CVE-2003-0258

Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/727780	US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/11954
http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/727780	US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/11954

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:h:cisco:vpn_3015_concentrator::::::::
	cpe:2.3:h:cisco:vpn_3030_concentator::::::::
	cpe:2.3:h:cisco:vpn_3060_concentrator::::::::
	cpe:2.3:h:cisco:vpn_3080_concentrator::::::::
	cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\(rel\):::::::*
	cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:::::::*
	cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:::::::*
	cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:::::::*
	cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:::::::*
	cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:::::::*
	cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:::::::*
	cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:::::::*
	cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:::::::*
	cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:::::::*
	cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:::::::*
	cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.a:::::::*
	cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.b:::::::*
	cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.c:::::::*
	cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.d:::::::*
	cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:::::::*
	cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0:::::::*
	cpe:2.3:o:cisco:vpn_3005_concentrator_software:4.0.1:::::::*

cpe:2.3:a:cisco:vpn_3002_hardware_client:*:*:*:*:*:*:*:*

History

20 Nov 2024, 23:44

Type	Values Removed	Values Added
References	~~() http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml - Patch, Vendor Advisory~~	() http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml - Patch, Vendor Advisory
References	~~() http://www.kb.cert.org/vuls/id/727780 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/727780 - US Government Resource
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/11954 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/11954 -

Information

Published : 2003-05-27 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2003-0258

Mitre link : CVE-2003-0258

CVE.ORG link : CVE-2003-0258

JSON object : View

Products Affected

cisco

vpn_3080_concentrator
vpn_3005_concentrator_software
vpn_3002_hardware_client
vpn_3060_concentrator
vpn_3000_concentrator_series_software
vpn_3030_concentator
vpn_3015_concentrator

CWE

NVD-CWE-Other

{"id": "CVE-2003-0258", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2003-05-27T04:00:00.000", "references": [{"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/727780", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11954", "source": "cve@mitre.org"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/727780", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11954", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication."}, {"lang": "es", "value": "Concentradores de Cisco de la serie VPN 3000 y Cisco VPN 3002 Hardware Client 2.x.x hasta 4.0.REL, cuando se configuran para permitir IPSec sobre TCP para un puerto del concentrador, permiten que atacantes remotos alcancen la red privada sin autentificaci\u00f3n."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A512328-2FD0-4B1D-9327-A13A0BCE9C0D"}, {"criteria": "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6548F964-B8EE-4B39-87CF-99743D41C42C"}, {"criteria": "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E08810E6-33B6-45FF-91C7-EED10DC023EA"}, {"criteria": "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BD1A1AC-980F-428E-8BAF-0FC821014868"}, {"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\(rel\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "207034E8-35F7-4E78-A3FC-C86D20EB8D9A"}, {"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C544E523-15E5-4CE5-8113-53454F5D9973"}, {"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B09F6EBD-C3FC-4680-BE31-A766D863237D"}, {"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF8C3FDA-D321-4202-A8EA-6C1464558A8F"}, {"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B68705AB-A133-401F-9F41-64594E071816"}, {"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9092680-E154-4EAB-A2D5-B692073F894E"}, {"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EF5F3FA-5FA4-408E-BA62-3943C5DFD859"}, {"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADFC9764-5BF5-449F-9200-5569C13F8309"}, {"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F12F2AAC-DB5B-4C28-86C5-F59490362E54"}, {"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "071F52AD-D59B-4673-BCBE-112B94D3EB66"}, {"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80709CB0-D386-4C4F-B3EE-7A0501FD7248"}, {"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2AFAF42-B894-4D62-A9CF-3349A43191AF"}, {"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABE5BB7F-D8B4-441B-9F45-56F622EEAA52"}, {"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B87A7EC-DC23-4075-8C4A-2317FF34BDB1"}, {"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98AC18E3-D12B-489D-9D95-6C9210235FB3"}, {"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36291ADE-3D5A-4E49-8BA7-B71CAAA226B9"}, {"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D953DA9F-B54E-4941-85BE-48933C98DB55"}, {"criteria": "cpe:2.3:o:cisco:vpn_3005_concentrator_software:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17196F00-9D7A-4AF6-AE1E-EA2E450A8ABD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:vpn_3002_hardware_client:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12ECF578-84BF-4F41-9462-C09FA517F2A0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10