CVE-2001-0427

Cisco VPN 3000 Concentrator - Improper Input Validation

Title source: rule

Description

Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.

References (3)

[Patch, Vendor Advisory] http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/6298

[Third Party Advisory, VDB Entry] http://www.osvdb.org/5643

Scores

EPSS 0.0086

EPSS Percentile 74.7%

Classification

CWE

CWE-20

Status draft

Affected Products (6)

cisco/vpn_3000_concentrator

cisco/vpn_3005_concentrator

cisco/vpn_3015_concentrator

cisco/vpn_3030_concentator

cisco/vpn_3060_concentrator

cisco/vpn_3080_concentrator

Timeline

Published Jun 18, 2001

Tracked Since Feb 18, 2026