Lucene search

MitreCVE-2002-1755

HistoryJun 21, 2005 - 4:00 a.m.

CVE-2002-1755

2005-06-2104:00:00

mitre

web.nvd.nist.gov

tinc

vpn

remote attackers

data injection

user sessions

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

High

EPSS

0.003

Percentile

70.4%

JSON

tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC.

Affected configurations

Nvd

Node

tinctincMatch1.0pre3

tinctincMatch1.0pre4

VendorProductVersionCPE
tinctinc1.0pre3cpe:2.3:a:tinc:tinc:1.0pre3:*:*:*:*:*:*:*
tinctinc1.0pre4cpe:2.3:a:tinc:tinc:1.0pre4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tinc	tinc	1.0pre3	cpe:2.3:a:tinc:tinc:1.0pre3:::::::*
tinc	tinc	1.0pre4	cpe:2.3:a:tinc:tinc:1.0pre4:::::::*

References

www.securityfocus.com/archive/1/249142

exchange.xforce.ibmcloud.com/vulnerabilities/7868

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

High

EPSS

0.003

Percentile

70.4%

JSON

Related for CVE-2002-1755