Lucene search

[email protected]NVD:CVE-2002-1755

HistoryDec 31, 2002 - 5:00 a.m.

CVE-2002-1755

2002-12-3105:00:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

High

EPSS

0.003

Percentile

70.4%

JSON

tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC.

Affected configurations

Nvd

Node

tinctincMatch1.0pre3

tinctincMatch1.0pre4

VendorProductVersionCPE
tinctinc1.0pre3cpe:2.3:a:tinc:tinc:1.0pre3:*:*:*:*:*:*:*
tinctinc1.0pre4cpe:2.3:a:tinc:tinc:1.0pre4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tinc	tinc	1.0pre3	cpe:2.3:a:tinc:tinc:1.0pre3:::::::*
tinc	tinc	1.0pre4	cpe:2.3:a:tinc:tinc:1.0pre4:::::::*

References

www.securityfocus.com/archive/1/249142

exchange.xforce.ibmcloud.com/vulnerabilities/7868

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

High

EPSS

0.003

Percentile

70.4%

JSON

Related for NVD:CVE-2002-1755

cve1 debiancve1 cvelist1