Lucene search

[email protected]CVE-2002-1755

HistoryJun 21, 2005 - 4:00 a.m.

CVE-2002-1755

2005-06-2104:00:00

[email protected]

web.nvd.nist.gov

tinc

vpn

remote attackers

data injection

user sessions

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.4%

JSON

tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC.

Affected configurations

NVD

Node

tinctincMatch1.0pre3

tinctincMatch1.0pre4

CPENameOperatorVersion
tinc:tinctinceq1.0pre3
tinc:tinctinceq1.0pre4

CPE	Name	Operator	Version
tinc:tinc	tinc	eq	1.0pre3
tinc:tinc	tinc	eq	1.0pre4

References

www.securityfocus.com/archive/1/249142

exchange.xforce.ibmcloud.com/vulnerabilities/7868

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for CVE-2002-1755

cvelist1 nvd1 debiancve1