VDB
CVE-2003-0258
CVE-2003-0258
PUBLISHED
CVSS 7.5 HIGH
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.
EPSS 2.27% · 85.0th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
2.27%
85.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | vpn_3060_concentrator | |
| n/a | n/a | * |
| cisco | vpn_3015_concentrator | |
| cisco | vpn_3000_concentrator_series_software | 3.5.2, 3.5.3, 3.5.5 |
| cisco | vpn_3002_hardware_client | |
| cisco | vpn_3030_concentator | |
| cisco | vpn_3005_concentrator_software | 4.0.1 |
| cisco | vpn_3080_concentrator |
Timeline
- May 8, 2003 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- VU#727780 third-party-advisory
- 20030507 Cisco VPN 3000 Concentrator Vulnerabilities vendor-advisory
- cisco-vpn-unauth-access(11954) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2003-0258 advisory