CVE-2002-0013
Published 2002-02-13
Priority: P343 · critical · 10 (CVSS 2.0)
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 50.84% (98.8th percentile)
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | non-ios_products | — | — |
| microsoft | windows_nt | — | — |
Detection & IOCs
- The exploit sends a spoofed SNMPv1 GetRequest packet over UDP to destination port 161; monitor for malformed SNMPv1 GetRequest, GetNextRequest, or SetRequest messages as demonstrated by the PROTOS c06-SNMPv1 test suite.
- IDS signatures for CVE-2002-0013 are frequently triggered by benign security scans and network discovery tools, producing high false-positive rates; tune detections to reduce noise from legitimate SNMP scanners.
- The exploit crafts raw UDP packets with IP ID set to 666 (0x029a) and TTL 245; these unusual IP header values in UDP/161 traffic may aid in identifying exploit tool usage.
- Cisco advises workarounds may mitigate impact for affected non-IOS products; a separate advisory covers IOS-based products under the same CVE.
- A companion advisory specifically covers Cisco IOS products affected by the same SNMP vulnerability class (CAN-2002-0012 / CAN-2002-0013).
CVSS provenance
nvd · v2.0 · 10.0 CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat · 10.0 CRITICAL
Red Hat
security flaw
vendor_redhat·2002-02-12·CVSS 10.0
CVE-2002-0013 [CRITICAL] security flaw
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
Cisco
Malformed SNMP Message-Handling Vulnerabilities for Cisco Non-IOS Products
vendor_cisco·2002-02-11
CVE-2002-0012 Malformed SNMP Message-Handling Vulnerabilities for Cisco Non-IOS Products
Multiple Cisco products contain vulnerabilities in the processing of
Simple Network Management Protocol (SNMP) messages. These vulnerabilities can
be repeatedly exploited to produce a denial of service. In most cases,
workarounds are available that may mitigate the impact. Some of these
vulnerabilities are identified by various groups as VU#617947, VU#107186, OUSPG
#0100, CAN-2002-0012, and CAN-2002-0013.
This advisory is available at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20020211-snmp-msgs-non-ios,
and it describes this vulnerability as it applies to Cisco products that do not
run Cisco IOS software.
A companion document describes this vulnerability for products t
Cisco
Malformed SNMP Message-Handling Vulnerabilities for Cisco Non-IOS Products
vendor_cisco
CVE-2002-0013 Malformed SNMP Message-Handling Vulnerabilities for Cisco Non-IOS Products
Multiple Cisco products contain vulnerabilities in the processing of Simple Network Management Protocol (SNMP) messages. These vulnerabilities can be repeatedly exploited to produce a denial of service. In most cases,
Bug IDs: CSCdw67458, CSCdw64236, CSCdw65996, CSCdw69634, CSCdw64918
GHSA
GHSA-rq76-m97w-6r3m: Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain p
ghsa_unreviewed·2022-05-03
CVE-2002-0013 [HIGH] GHSA-rq76-m97w-6r3m: Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain p
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
GHSA
GHSA-j3wm-r3jm-rxjg: Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4
ghsa_unreviewed·2022-04-30·CVSS 10.0
CVE-2002-0053 [CRITICAL] CWE-119 GHSA-j3wm-r3jm-rxjg: Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4
Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available.
Suricata
GPL SNMP public access udp
suricata·2010-09-23
CVE-1999-0517 GPL SNMP public access udp
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"GPL SNMP public access udp"; content:"public"; fast_pattern; reference:bugtraq,2112; reference:bugtraq,4088; reference:bugtraq,4089; reference:cve,1999-0517; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:2101411; rev:13; metadata:created_at 2010_09_23, cve CVE_1999_0517, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_08;)
Suricata
GPL SNMP private access tcp
suricata·2010-09-23
CVE-2002-0012 GPL SNMP private access tcp
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"GPL SNMP private access tcp"; flow:established,to_server; content:"private"; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:2101414; rev:13; metadata:created_at 2010_09_23, cve CVE_2002_0012, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Suricata
GPL SNMP public access tcp
suricata·2010-09-23
CVE-1999-0517 GPL SNMP public access tcp
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"GPL SNMP public access tcp"; flow:established,to_server; content:"public"; reference:bugtraq,2112; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,7212; reference:cve,1999-0517; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:2101412; rev:15; metadata:created_at 2010_09_23, cve CVE_1999_0517, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Suricata
GPL SNMP private access udp
suricata·2010-09-23
CVE-2002-0012 GPL SNMP private access udp
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"GPL SNMP private access udp"; content:"private"; fast_pattern; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:bugtraq,7212; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:2101413; rev:12; metadata:created_at 2010_09_23, cve CVE_2002_0012, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_08;)
Trailofbits
The DBIR’s ‘Forest’ of Exploit Signatures
blogs_trailofbits·2016-05-05
The DBIR’s ‘Forest’ of Exploit Signatures
If you follow the recommendations in the 2016 Verizon Data Breach Investigations Report (DBIR), you will expose your organization to more risk, not less. The report’s most glaring flaw is the assertion that the TLS FREAK vulnerability is among the ‘Top 10’ most exploited on the Internet. No experienced security practitioner believes that FREAK is widely exploited. Where else did Verizon get it wrong?
This question undermines the rest of the report. The DBIR is a collaborative effort involving 60+ organizations’ proprietary data. It’s the single best source of information for enterprise defenders, which is why it’s a travesty that its section on vulnerabilities used in data breaches contains misleading data, analysis, and recommendations.
Verizon must ‘be better.’ They have to set a highe
Bugzilla
CVE-2002-0013 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2002-0013 [CRITICAL] CVE-2002-0013 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
- ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57404-1
- http://www.cert.org/advisories/CA-2002-03.html
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
- http://www.iss.net/security_center/alerts/advise110.php
- http://www.kb.cert.org/vuls/id/854306
- http://www.redhat.com/support/errata/RHSA-2001-163.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-006
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A298
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A87