cbcvebase.
CVE-2002-0013
published 2002-02-13

CVE-2002-0013: Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges…

PriorityP343critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
50.84%
98.8th percentile
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.

Affected

2 ranges
VendorProductVersion rangeFixed in
cisconon-ios_products
microsoftwindows_nt

Detection & IOCsextracted from sources · hover to see the quote

port161/UDP
  • The exploit sends a spoofed SNMPv1 GetRequest packet over UDP to destination port 161; monitor for malformed SNMPv1 GetRequest, GetNextRequest, or SetRequest messages as demonstrated by the PROTOS c06-SNMPv1 test suite.
  • IDS signatures for CVE-2002-0013 are frequently triggered by benign security scans and network discovery tools, producing high false-positive rates; tune detections to reduce noise from legitimate SNMP scanners.
  • The exploit crafts raw UDP packets with IP ID set to 666 (0x029a) and TTL 245; these unusual IP header values in UDP/161 traffic may aid in identifying exploit tool usage.
  • ·Cisco advises workarounds may mitigate impact for affected non-IOS products; a separate advisory covers IOS-based products under the same CVE.
  • ·A companion advisory specifically covers Cisco IOS products affected by the same SNMP vulnerability class (CAN-2002-0012 / CAN-2002-0013).

CVSS provenance

nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.