VAR-200212-0088
Vulnerability from variot - Updated: 2025-04-03 22:24Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. By exploiting this issue, a remote attacker can gain access to legitimate users. IP Get the address, PIX * Firewall It is possible to avoid authentication. For this attack to succeed, the attacker must use the pre-shared key required for authentication. (group pre-shared key) Or you need to get a group password.Please refer to the “Overview” for the impact of this vulnerability. PIX is the firewall system/firmware combination distributed and maintained by Cisco Systems. A vulnerability has been discovered in the handling of VPN sessions by PIX firewalls. When processing initial contact notify messages, PIX does not remove duplicate peer-to-peer ISAKMP SAs. When a user establishes a VPN session during peer user authentication, the PIX creates a KSAKMP SA associated with the user and his IP address. If an attacker can prevent a logged-in user from connecting, and use the same IP address as that user to connect to the PIX, the attacker can successfully establish a VPN session through the PIX and gain unauthorized access to the internal network. CISCO designated this vulnerability BUG ID as: CSCdv83490
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0088",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pix firewall",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 1.7,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(2\\)"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(3\\)"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(1\\)"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(3\\)"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(2\\)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.0\\(1\\)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.0\\(3\\)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.1\\(3\\)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.1\\(2\\)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.0\\(2\\)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.4"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.4"
}
],
"sources": [
{
"db": "BID",
"id": "6211"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000284"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-577"
},
{
"db": "NVD",
"id": "CVE-2002-2139"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:pix_firewall",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000284"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco PSIRT\u203b psirt@cisco.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-577"
}
],
"trust": 0.6
},
"cve": "CVE-2002-2139",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-2139",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-6522",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-2139",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2002-2139",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-577",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-6522",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6522"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000284"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-577"
},
{
"db": "NVD",
"id": "CVE-2002-2139"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user\u0027s VPN session, which allows local users to hijack a session via a man-in-the-middle attack. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. By exploiting this issue, a remote attacker can gain access to legitimate users. IP Get the address, PIX * Firewall It is possible to avoid authentication. For this attack to succeed, the attacker must use the pre-shared key required for authentication. (group pre-shared key) Or you need to get a group password.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. PIX is the firewall system/firmware combination distributed and maintained by Cisco Systems. \nA vulnerability has been discovered in the handling of VPN sessions by PIX firewalls. When processing initial contact notify messages, PIX does not remove duplicate peer-to-peer ISAKMP SAs. When a user establishes a VPN session during peer user authentication, the PIX creates a KSAKMP SA associated with the user and his IP address. If an attacker can prevent a logged-in user from connecting, and use the same IP address as that user to connect to the PIX, the attacker can successfully establish a VPN session through the PIX and gain unauthorized access to the internal network. CISCO designated this vulnerability BUG ID as: CSCdv83490",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2139"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000284"
},
{
"db": "BID",
"id": "6211"
},
{
"db": "VULHUB",
"id": "VHN-6522"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "6211",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2002-2139",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000284",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200212-577",
"trust": 0.7
},
{
"db": "XF",
"id": "10660",
"trust": 0.6
},
{
"db": "CIAC",
"id": "N-017",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20021120 CISCO PIX MULTIPLE VULNERABILITIES",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "3872",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-6522",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6522"
},
{
"db": "BID",
"id": "6211"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000284"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-577"
},
{
"db": "NVD",
"id": "CVE-2002-2139"
}
]
},
"id": "VAR-200212-0088",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6522"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:24:11.327000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "pix-multiple-vuln-pub",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/pix-multiple-vuln-pub.shtml"
},
{
"title": "pix-multiple-vuln-pub",
"trust": 0.8,
"url": "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/pix-multiple-vuln-pub-j.shtml"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000284"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2139"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/6211"
},
{
"trust": 2.0,
"url": "http://www.cisco.com/warp/public/707/pix-multiple-vuln-pub.shtml"
},
{
"trust": 1.7,
"url": "http://www.ciac.org/ciac/bulletins/n-017.shtml"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/10660.php"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-2139"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-2139"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/3872"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6522"
},
{
"db": "BID",
"id": "6211"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000284"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-577"
},
{
"db": "NVD",
"id": "CVE-2002-2139"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-6522"
},
{
"db": "BID",
"id": "6211"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000284"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-577"
},
{
"db": "NVD",
"id": "CVE-2002-2139"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-6522"
},
{
"date": "2002-11-20T00:00:00",
"db": "BID",
"id": "6211"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000284"
},
{
"date": "2002-11-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-577"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-2139"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-6522"
},
{
"date": "2002-11-20T00:00:00",
"db": "BID",
"id": "6211"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000284"
},
{
"date": "2006-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-577"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-2139"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-577"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco PIX Firewall of ISAKMP SA Session hijack vulnerability due to improper handling",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000284"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-577"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…