CVE-2003-0258

Description

Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.

Affected products

• Cisco / vpn_3000_concentrator_series_software3.6.7.c – 3.6.7.c
• Cisco / vpn_3000_concentrator_series_software4.0 – 4.0
• Cisco / vpn_3000_concentrator_series_software3.6.7d – 3.6.7d
• Cisco / vpn_3000_concentrator_series_software3.6.7.d – 3.6.7.d
• Cisco / vpn_3000_concentrator_series_software3.5(rel) – 3.5(rel)
• Cisco / vpn_3000_concentrator_series_software3.5.1 – 3.5.1
• Cisco / vpn_3000_concentrator_series_software3.5.2 – 3.5.2
• Cisco / vpn_3000_concentrator_series_software3.5.3 – 3.5.3
• Cisco / vpn_3000_concentrator_series_software3.5.4 – 3.5.4
• Cisco / vpn_3000_concentrator_series_software3.5.5 – 3.5.5
• Cisco / vpn_3000_concentrator_series_software3.6 – 3.6
• Cisco / vpn_3000_concentrator_series_software3.6.1 – 3.6.1
• Cisco / vpn_3000_concentrator_series_software3.6.3 – 3.6.3
• Cisco / vpn_3000_concentrator_series_software3.6.5 – 3.6.5
• Cisco / vpn_3000_concentrator_series_software3.6.7 – 3.6.7
• Cisco / vpn_3000_concentrator_series_software3.6.7.a – 3.6.7.a
• Cisco / vpn_3000_concentrator_series_software3.6.7.b – 3.6.7.b
• Cisco / vpn_3002_hardware_client
• Cisco / vpn_3005_concentrator_software4.0.1 – 4.0.1
• Cisco / vpn_3015_concentrator
• Cisco / vpn_3030_concentator
• Cisco / vpn_3060_concentrator
• Cisco / vpn_3080_concentrator

References

• MISChttp://www.kb.cert.org/vuls/id/727780
• VENDOR_ADVISORYhttp://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/11954