What is the severity of CVE-2003-0258?

CVE-2003-0258 has been classified with a high severity due to the potential for remote attackers to access the private network without authentication.

How do I fix CVE-2003-0258?

To fix CVE-2003-0258, ensure that IPSec over TCP is disabled on affected Cisco VPN 3000 series concentrators and update to the latest secured software version.

Which Cisco products are affected by CVE-2003-0258?

CVE-2003-0258 affects several Cisco products including the VPN 3015, 3030, 3060, 3080 Concentrators, and the VPN 3002 Hardware Client.

Can CVE-2003-0258 be exploited remotely?

Yes, CVE-2003-0258 can be exploited remotely by attackers if the vulnerability's conditions are met.

Is there a patch available for CVE-2003-0258?

Yes, Cisco provides patches in the updated versions of their VPN software that address the vulnerability known as CVE-2003-0258.

Vulnerability/
CVE-2003-0258

high

7.5

CWE

NVD-CWE-Other

8/5/2003

8/8/2024

CVE-2003-0258

First published: Thu May 08 2003(Updated: )

Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Cisco VPN 3015 Concentrator
Cisco VPN 3030 Concentrator
Cisco VPN 3060 Concentrator
Cisco VPN 3080 Concentrator
Cisco VPN 3000 concentrator series software	=3.5\(rel\)
Cisco VPN 3000 concentrator series software	=3.5.1
Cisco VPN 3000 concentrator series software	=3.5.2
Cisco VPN 3000 concentrator series software	=3.5.3
Cisco VPN 3000 concentrator series software	=3.5.4
Cisco VPN 3000 concentrator series software	=3.5.5
Cisco VPN 3000 concentrator series software	=3.6
Cisco VPN 3000 concentrator series software	=3.6.1
Cisco VPN 3000 concentrator series software	=3.6.3
Cisco VPN 3000 concentrator series software	=3.6.5
Cisco VPN 3000 concentrator series software	=3.6.7
Cisco VPN 3000 concentrator series software	=3.6.7.a
Cisco VPN 3000 concentrator series software	=3.6.7.b
Cisco VPN 3000 concentrator series software	=3.6.7.c
Cisco VPN 3000 concentrator series software	=3.6.7.d
Cisco VPN 3000 concentrator series software	=3.6.7d
Cisco VPN 3000 concentrator series software	=4.0
Cisco VPN 3005 Concentrator	=4.0.1
Cisco VPN 3002 Hardware Client

Remedy

http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2003-0258?
CVE-2003-0258 has been classified with a high severity due to the potential for remote attackers to access the private network without authentication.
How do I fix CVE-2003-0258?
To fix CVE-2003-0258, ensure that IPSec over TCP is disabled on affected Cisco VPN 3000 series concentrators and update to the latest secured software version.
Which Cisco products are affected by CVE-2003-0258?
CVE-2003-0258 affects several Cisco products including the VPN 3015, 3030, 3060, 3080 Concentrators, and the VPN 3002 Hardware Client.
Can CVE-2003-0258 be exploited remotely?
Yes, CVE-2003-0258 can be exploited remotely by attackers if the vulnerability's conditions are met.
Is there a patch available for CVE-2003-0258?
Yes, Cisco provides patches in the updated versions of their VPN software that address the vulnerability known as CVE-2003-0258.

collector/nvd-historical
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/remedy
agent/author
agent/weakness
agent/references
agent/event
agent/description
agent/first-publish-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco vpn 3015 concentrator
canonical/cisco vpn 3030 concentrator
canonical/cisco vpn 3060 concentrator
canonical/cisco vpn 3080 concentrator
canonical/cisco vpn 3000 concentrator series software
version/cisco vpn 3000 concentrator series software/3.5\(rel\)
version/cisco vpn 3000 concentrator series software/3.5.1
version/cisco vpn 3000 concentrator series software/3.5.2
version/cisco vpn 3000 concentrator series software/3.5.3
version/cisco vpn 3000 concentrator series software/3.5.4
version/cisco vpn 3000 concentrator series software/3.5.5
version/cisco vpn 3000 concentrator series software/3.6
version/cisco vpn 3000 concentrator series software/3.6.1
version/cisco vpn 3000 concentrator series software/3.6.3
version/cisco vpn 3000 concentrator series software/3.6.5
version/cisco vpn 3000 concentrator series software/3.6.7
version/cisco vpn 3000 concentrator series software/3.6.7.a
version/cisco vpn 3000 concentrator series software/3.6.7.b
version/cisco vpn 3000 concentrator series software/3.6.7.c
version/cisco vpn 3000 concentrator series software/3.6.7.d
version/cisco vpn 3000 concentrator series software/3.6.7d
version/cisco vpn 3000 concentrator series software/4.0
canonical/cisco vpn 3005 concentrator
version/cisco vpn 3005 concentrator/4.0.1
canonical/cisco vpn 3002 hardware client