[PROPOSAL] Cluster CISCO-2003a - 28 candidates

To: cve-editorial-board-list@lists.mitre.org
Subject: [PROPOSAL] Cluster CISCO-2003a - 28 candidates
From: "Steven M. Christey" <coley@LINUS.mitre.org>
Date: Mon, 17 Mar 2003 18:10:26 -0500 (EST)
Delivery-Date: Mon Mar 17 18:10:31 2003
Sender: owner-cve-editorial-board-list@lists.mitre.org
I am proposing cluster CISCO-2003a for review and voting by the
Editorial Board.

Name: CISCO-2003a
Description: CANs in Cisco advisories
Size: 28

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-1092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1092
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml

Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when
configured to use internal authentication with group accounts and
without any user accounts, allows remote VPN clients to log in using
PPTP or IPSEC user authentication.

Analysis
----------------
ED_PRI CAN-2002-1092 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1093
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1093
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-html-parser-dos(10018)
Reference: URL:http://www.iss.net/security_center/static/10018.php
Reference: BID:5615
Reference: URL:http://www.securityfocus.com/bid/5615

HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before
3.0.3(B) allows remote attackers to cause a denial of service (CPU
consumption) via a long URL request.

Analysis
----------------
ED_PRI CAN-2002-1093 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1095
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-pptp-dos(10021)
Reference: URL:http://www.iss.net/security_center/static/10021.php
Reference: BID:5625
Reference: URL:http://www.securityfocus.com/bid/5625

Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled,
allows remote attackers to cause a denial of service (reload) via a
Windows-based PPTP client with the "No Encryption" option set.

Analysis
----------------
ED_PRI CAN-2002-1095 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1096
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: BID:5611
Reference: URL:http://www.securityfocus.com/bid/5611
Reference: XF:cisco-vpn-user-passwords(10019)
Reference: URL:http://www.iss.net/security_center/static/10019.php

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows
restricted administrators to obtain user passwords that are stored in
plaintext in HTML source code.

Analysis
----------------
ED_PRI CAN-2002-1096 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1097
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-certificate-passwords(10022)
Reference: URL:http://www.iss.net/security_center/static/10022.php
Reference: BID:5612
Reference: URL:http://www.securityfocus.com/bid/5612

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows
restricted administrators to obtain certificate passwords that are
stored in plaintext in the HTML source code for Certificate Management
pages.

Analysis
----------------
ED_PRI CAN-2002-1097 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1098
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-xml-filter(10023)
Reference: URL:http://www.iss.net/security_center/static/10023.php
Reference: BID:5614
Reference: URL:http://www.securityfocus.com/bid/5614

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an
"HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the
protocol to "ANY" when the XML filter configuration is enabled, which
ultimately allows arbitrary traffic to pass through the concentrator.

Analysis
----------------
ED_PRI CAN-2002-1098 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1099
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-web-access(10024)
Reference: URL:http://www.iss.net/security_center/static/10024.php
Reference: BID:5616
Reference: URL:http://www.securityfocus.com/bid/5616

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote
attackers to obtain potentially sensitive information without
authentication by directly accessing certain HTML pages.

Analysis
----------------
ED_PRI CAN-2002-1099 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1100
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1100
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF/CF/MP/SA/AN/unknown
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-html-interface-dos(10025)
Reference: URL:http://www.iss.net/security_center/static/10025.php
Reference: BID:5617
Reference: URL:http://www.securityfocus.com/bid/5617

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote
attackers to cause a denial of service (crash) via a long (1) username
or (2) password to the HTML login interface.

Analysis
----------------
ED_PRI CAN-2002-1100 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1101
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1101
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF/CF/MP/SA/AN/unknown
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml

Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5,
allows remote attackers to cause a denial of service via a long user
name.

Analysis
----------------
ED_PRI CAN-2002-1101 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1102
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1102
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml

The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x,
and 3.x before 3.5.4, allows remote attackers to cause a denial of
service via an incoming LAN-to-LAN connection with an existing
security association with another device on the remote network, which
causes the concentrator to remove the previous connection.

Analysis
----------------
ED_PRI CAN-2002-1102 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1104
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1104
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml

Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x
before 3.0.5 allows remote attackers to cause a denial of service
(crash) via TCP packets with source and destination ports of 137
(NETBIOS).

Analysis
----------------
ED_PRI CAN-2002-1104 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1105
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1105
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF/CF/MP/SA/AN/unknown
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x
before 3.5.1C, allows attackers to use a utility program to obtain the
group password.

Analysis
----------------
ED_PRI CAN-2002-1105 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1106
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF/CF/MP/SA/AN/unknown
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x
before 3.5.1C, does not properly verify that certificate DN fields
match those of the certificate from the VPN Concentrator, which allows
remote attackers to conduct man-in-the-middle attacks.

Analysis
----------------
ED_PRI CAN-2002-1106 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1107
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x
before 3.5.2B, does not generate sufficiently random numbers, which
may make it vulnerable to certain attacks such as spoofing.

Analysis
----------------
ED_PRI CAN-2002-1107 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1108
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x
before 3.6(Rel), when configured with all tunnel mode, can be forced
into acknowledging a TCP packet from outside the tunnel.

Analysis
----------------
ED_PRI CAN-2002-1108 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1189
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: CISCO:20021004 Predefined Restriction Tables Allow Calls to International Operator
Reference: URL:http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml
Reference: XF:cisco-unity-insecure-configuration(10282)
Reference: URL:http://www.iss.net/security_center/static/10282.php
Reference: BID:5896
Reference: URL:http://www.securityfocus.com/bid/5896

The default configuration of Cisco Unity 2.x and 3.x does not block
international operator calls in the predefined restriction tables,
which could allow authenticated users to place international calls
using call forwarding.

Analysis
----------------
ED_PRI CAN-2002-1189 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1222
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1222
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: CISCO:20021016 Cisco CatOS Embedded HTTP Server Buffer Overflow
Reference: URL:http://www.cisco.com/warp/public/707/catos-http-overflow-vuln.shtml
Reference: XF:cisco-catalyst-ciscoview-bo(10382)
Reference: URL:http://www.iss.net/security_center/static/10382.php
Reference: BID:5976
Reference: URL:http://www.securityfocus.com/bid/5976

Buffer overflow in the embedded HTTP server for Cisco Catalyst
switches running CatOS 5.4 through 7.3 allows remote attackers to
cause a denial of service (reset) via a long HTTP request.

Analysis
----------------
ED_PRI CAN-2002-1222 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1447
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1447
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020619 [AP] Cisco vpnclient buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/277653
Reference: CISCO:20020619 Buffer Overflow in UNIX VPN Client
Reference: URL:http://www.cisco.com/warp/public/707/cisco-unix-vpnclient-buffer-overflow-pub.shtml
Reference: MISC:http://sec.angrypacket.com/advisories/0002_AP.vpnclient.txt
Reference: XF:ciscovpn-profile-name-bo(9376)
Reference: URL:http://www.iss.net/security_center/static/9376.php
Reference: BID:5056
Reference: URL:http://www.securityfocus.com/bid/5056

Buffer overflow in the vpnclient program for UNIX VPN Client before
3.5.2 allows local users to gain administrative privileges via a long
profile name in a connect argument.

Analysis
----------------
ED_PRI CAN-2002-1447 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1491
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1491
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: CISCO:20020918 Cisco VPN 5000 Client Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn5000-defaultconnection-password(10129)
Reference: URL:http://www.iss.net/security_center/static/10129.php
Reference: BID:5736
Reference: URL:http://www.securityfocus.com/bid/5736

The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most
recently used login password in plaintext when saving "Default
Connection" settings, which could allow local users to gain
privileges.

Analysis
----------------
ED_PRI CAN-2002-1491 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1094
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-banner-information(10020)
Reference: URL:http://www.iss.net/security_center/static/10020.php
Reference: BID:5621
Reference: URL:http://www.securityfocus.com/bid/5621
Reference: BID:5623
Reference: URL:http://www.securityfocus.com/bid/5623
Reference: BID:5624
Reference: URL:http://www.securityfocus.com/bid/5624

Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x
before 3.5.4 allow remote attackers to obtain potentially sensitive
information via the (1) SSH banner, (2) FTP banner, or (3) an
incorrect HTTP request.

Analysis
----------------
ED_PRI CAN-2002-1094 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1190
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1190
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: CISCO:20021004 Predefined Restriction Tables Allow Calls to International Operator
Reference: URL:http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml
Reference: XF:cisco-unity-insecure-configuration(10282)
Reference: URL:http://www.iss.net/security_center/static/10282.php

Cisco Unity 2.x and 3.x uses well-known default user accounts, which
could allow remote attackers to gain access and place arbitrary calls.

Analysis
----------------
ED_PRI CAN-2002-1190 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1492
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1492
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: CISCO:20020918 Cisco VPN 5000 Client Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml
Reference: BID:5734
Reference: URL:http://www.securityfocus.com/bid/5734
Reference: XF:cisco-vpn5000-binary-bo(10131)
Reference: URL:http://www.iss.net/security_center/static/10131.php

Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux,
and VPN 5000 Client before 5.2.8 for Solaris, allow local users to
gain root privileges via (1) close_tunnel and (2) open_tunnel.

Analysis
----------------
ED_PRI CAN-2002-1492 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1553
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1553
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: CISCO:20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
Reference: BID:6076
Reference: URL:http://www.securityfocus.com/bid/6076
Reference: XF:cisco-ons-ftp-no-account(10505)
Reference: URL:http://www.iss.net/security_center/static/10505.php

Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote
attackers to modify the system configuration and delete files by
establishing an FTP connection to the TCC, TCC+ or XTC using a
username and password that does not exist.

Analysis
----------------
ED_PRI CAN-2002-1553 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1554
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1554
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: CISCO:20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
Reference: XF:cisco-ons-plaintext-accounts(10506)
Reference: URL:http://www.iss.net/security_center/static/10506.php
Reference: BID:6078
Reference: URL:http://www.securityfocus.com/bid/6078

Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames
and passwords in cleartext in the image database for the TCC, TCC+ or
XTC, which could allow attackers to gain privileges by obtaining the
passwords from the image database or a backup.

Analysis
----------------
ED_PRI CAN-2002-1554 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1555
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1555
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: CISCO:20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
Reference: BID:6081
Reference: URL:http://www.securityfocus.com/bid/6081
Reference: XF:cisco-ons-snmp-public(10507)
Reference: URL:http://www.iss.net/security_center/static/10507.php

Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public"
SNMP community string that cannot be changed, which allows remote
attackers to obtain sensitive information.

Analysis
----------------
ED_PRI CAN-2002-1555 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1556
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1556
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: CISCO:20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
Reference: BID:6084
Reference: URL:http://www.securityfocus.com/bid/6084
Reference: XF:cisco-ons-corba-dos(10508)
Reference: URL:http://www.iss.net/security_center/static/10508.php

Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to
cause a denial of service (reset) via an HTTP request to the TCC, TCC+
or XTC, in which the request contains an invalid CORBA Interoperable
Object Reference (IOR).

Analysis
----------------
ED_PRI CAN-2002-1556 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1557
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1557
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: CISCO:20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
Reference: BID:6082
Reference: URL:http://www.securityfocus.com/bid/6082
Reference: XF:cisco-ons-http-dos(10509)
Reference: URL:http://www.iss.net/security_center/static/10509.php

Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to
cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a
malformed HTTP request that does not contain a leading / (slash)
character.

Analysis
----------------
ED_PRI CAN-2002-1557 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1558
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1558
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: CISCO:20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
Reference: XF:cisco-ons-default-vsworks-account(10510)
Reference: URL:http://www.iss.net/security_center/static/10510.php
Reference: BID:6083
Reference: URL:http://www.securityfocus.com/bid/6083

Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for
the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be
changed or disabled, which allows remote attackers to gain privileges
by connecting to the account via Telnet.

Analysis
----------------
ED_PRI CAN-2002-1558 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Prev by Date: [PROPOSAL] Cluster CERT-2003a - 40 candidates
Next by Date: [PROPOSAL] Cluster CONFIRM-2002a - 51 candidates
Prev by thread: [PROPOSAL] Cluster CERT-2003a - 40 candidates
Next by thread: [PROPOSAL] Cluster CONFIRM-2002a - 51 candidates
Index(es):
- Date
- Thread
Page Last Updated: May 22, 2007
Common Vulnerabilities and Exposures

[PROPOSAL] Cluster CISCO-2003a - 28 candidates
