CVE-2002-2139 — Cisco PIX Firewall Software vulnerability

3 documents3 sources

Severity

6.4MEDIUMNVD

EPSS

0.5%

top 32.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco PIX Firewall Software

Timeline

PublishedDec 31

Latest updateApr 30

Description

Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDcisco/pix_firewall_software7 versions+6

Patches

Patch: www.ciac.org ↗Patch: www.securityfocus.com ↗Patch: www.ciac.org ↗

🔴Vulnerability Details

GHSA

GHSA-wvrc-375c-f654: Cisco PIX Firewall 6↗2022-04-30

▶

CVEList

CVE-2002-2139: Cisco PIX Firewall 6↗2005-11-16

▶