Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2002-0666
HistoryNov 04, 2002 - 5:00 a.m.

CVE-2002-0666

2002-11-0405:00:00
[email protected]
web.nvd.nist.gov
35
cve-2002-0666
ipsec
frees/wan
kame
authentication data
denial of service
kernel panic
esp
integer signedness errors

6.7 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.033 Low

EPSS

Percentile

91.4%

JSON

IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.

Affected configurations

NVD
Node
frees_wanfrees_wanMatch1.9
OR
frees_wanfrees_wanMatch1.9.1
OR
frees_wanfrees_wanMatch1.9.2
OR
frees_wanfrees_wanMatch1.9.3
OR
frees_wanfrees_wanMatch1.9.4
OR
frees_wanfrees_wanMatch1.9.5
OR
frees_wanfrees_wanMatch1.9.6
Node
applemac_os_xMatch10.2
OR
applemac_os_x_serverMatch10.2
OR
freebsdfreebsdMatch4.6
OR
freebsdfreebsdMatch4.6release
OR
freebsdfreebsdMatch4.6stable
OR
netbsdnetbsdMatch1.5
OR
netbsdnetbsdMatch1.5sh3
OR
netbsdnetbsdMatch1.5x86
OR
netbsdnetbsdMatch1.5.1
OR
netbsdnetbsdMatch1.5.2
OR
netbsdnetbsdMatch1.5.3
OR
netbsdnetbsdMatch1.6beta
Node
global_technology_associatesgnat_box_firmwareMatch3.1
OR
global_technology_associatesgnat_box_firmwareMatch3.2
OR
global_technology_associatesgnat_box_firmwareMatch3.3
OR
necbluefire_ix1035_router
OR
necix1010
OR
necix1011
OR
necix1020
OR
necix1050
OR
necix2010

Related

nvd 1
openvas 2
osv 1
cert 1
cvelist 1
nessus 1
nvd
nvd
CVE-2002-0666
2002-11-04 05:00:00
openvas
openvas
Debian Security Advisory DSA 201-1 (freeswan)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-201)
2008-01-17 00:00:00
osv
osv
freeswan - denial of service
2002-12-02 00:00:00
cert
cert
Multiple IPsec implementations do not adequately validate authentication data
2002-10-17 00:00:00
cvelist
cvelist
CVE-2002-0666
2002-10-25 04:00:00
nessus
nessus
Debian DSA-201-1 : freeswan - denial of service
2004-09-29 00:00:00

6.7 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.033 Low

EPSS

Percentile

91.4%

JSON
Related for CVE-2002-0666
nvd1openvas2osv1cert1cvelist1nessus1