Lucene search
HistoryApr 02, 2003 - 5:00 a.m.
CVE-2002-0872
cve-2002-0872
l2tpd
session hijack
security
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.012 Low
EPSS
Percentile
85.4%
l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions.
Affected configurations
Node
l2tpdl2tpdMatch0.62
ORl2tpdl2tpdMatch0.63
ORl2tpdl2tpdMatch0.64
ORl2tpdl2tpdMatch0.65
ORl2tpdl2tpdMatch0.66
ORl2tpdl2tpdMatch0.67
| CPE | Name | Operator | Version |
|---|---|---|---|
| l2tpd:l2tpd | l2tpd | eq | 0.62 |
| l2tpd:l2tpd | l2tpd | eq | 0.63 |
| l2tpd:l2tpd | l2tpd | eq | 0.64 |
| l2tpd:l2tpd | l2tpd | eq | 0.65 |
| l2tpd:l2tpd | l2tpd | eq | 0.66 |
| l2tpd:l2tpd | l2tpd | eq | 0.67 |
Related
cvelist
cvelist
CVE-2002-0872
2003-04-02 05:00:00
nvd
nvd
CVE-2002-0872
2002-09-05 04:00:00
nessus
nessus
l2tpd < 0.68 Multiple Vulnerabilities
2003-03-14 00:00:00
Debian DSA-152-1 : l2tpd - missing random seed
2004-09-29 00:00:00
osv
osv
l2tpd - missing random seed
2002-08-13 00:00:00
openvas
openvas
Debian Security Advisory DSA 152-1 (l2tpd)
2008-01-17 00:00:00
Debian Security Advisory DSA 152-1 (l2tpd)
2008-01-17 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.012 Low
EPSS
Percentile
85.4%
Related for CVE-2002-0872