Vulnerability Description
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Vpn 3000 Concentrator | All versions |
| Cisco | Vpn 3005 Concentrator | All versions |
| Cisco | Vpn 3015 Concentrator | All versions |
| Cisco | Vpn 3030 Concentator | All versions |
| Cisco | Vpn 3060 Concentrator | All versions |
| Cisco | Vpn 3080 Concentrator | All versions |
Related Weaknesses (CWE)
References
- http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtmlPatchVendor Advisory
- http://www.osvdb.org/5643
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6298
- http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtmlPatchVendor Advisory
- http://www.osvdb.org/5643
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6298
FAQ
What is CVE-2001-0427?
CVE-2001-0427 is a vulnerability with a CVSS score of 7.1 (HIGH). Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which d...
How severe is CVE-2001-0427?
CVE-2001-0427 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0427?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Vpn 3000 Concentrator, Cisco Vpn 3005 Concentrator, Cisco Vpn 3015 Concentrator, Cisco Vpn 3030 Concentator, Cisco Vpn 3060 Concentrator.