Remote Denial of Service Vulnerability in Cisco VPN 3000 Series Concentrators
CVE-2001-0427

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn 3015 Concentrator; Vpn 3060 Concentrator; Vpn 3000 Concentrator; Vpn 3005 Concentrator
Vendor: CVE Published:; 18 June 2001

Summary

Cisco VPN 3000 series concentrators prior to version 2.5.2(F) exhibit a vulnerability that allows remote attackers to exploit the SSL and telnet services. By flooding these services with invalid login requests, attackers can trigger a denial of service condition, preventing legitimate users from accessing the network. This vulnerability occurs because the services fail to appropriately disconnect users following multiple failed login attempts, resulting in a potential disruption of service.

References

http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pu...

vendor-advisoryx_refsource_CISCO

http://www.osvdb.org/5643

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/6298

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jun 18, 2001
Vulnerability Reserved
May 24, 2001