CVE-2001-0427
Cisco VPN 3000 Series Concentrators - Denial of Service via Invalid Login Request Flood
Title source: llmDescription
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.
References (3)
Core 3
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5643
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6298
Scores
EPSS
0.0252
EPSS Percentile
83.0%
Details
CWE
CWE-20
Status
published
Products (6)
cisco/vpn_3000_concentrator
cisco/vpn_3005_concentrator
cisco/vpn_3015_concentrator
cisco/vpn_3030_concentator
cisco/vpn_3060_concentrator
cisco/vpn_3080_concentrator
Published
Jun 18, 2001
Tracked Since
Feb 18, 2026