CVE-2001-0427

Cisco VPN 3000 Series Concentrators - Denial of Service via Invalid Login Request Flood

Title source: llm
STIX 2.1

Description

Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.

References (3)

Core 3
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_cisco
http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/5643
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6298

Scores

EPSS 0.0252
EPSS Percentile 83.0%

Details

CWE
CWE-20
Status published
Products (6)
cisco/vpn_3000_concentrator
cisco/vpn_3005_concentrator
cisco/vpn_3015_concentrator
cisco/vpn_3030_concentator
cisco/vpn_3060_concentrator
cisco/vpn_3080_concentrator
Published Jun 18, 2001
Tracked Since Feb 18, 2026