CVE-2002-0234

Current Description

NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which consumes all available connections.

Basic Data

PublishedMay 29, 2002
Last ModifiedOctober 18, 2016
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score2.1
SeverityLOW
Exploitability Score3.9
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSJuniperNetscreen Screenos********2.6.1

Vulnerable Software List

VendorProductVersions
Juniper Netscreen Screenos *

References

NameSourceURLTags
20020201 NetScreen ScreenOS 2.6 Subject to Trust Interface DoShttp://marc.info/?l=bugtraq&m=101258281818524&w=2BUGTRAQ
20020201 RE: NetScreen ScreenOS 2.6 Subject to Trust Interface DoShttp://marc.info/?l=bugtraq&m=101258887105690&w=2BUGTRAQ
20020205 NetScreen Response to ScreenOS Port Scan DoS Vulnerabilityhttp://online.securityfocus.com/archive/1/254268BUGTRAQVendor Advisory
netscreen-screenos-scan-dos(8057)http://www.iss.net/security_center/static/8057.phpXFPatch Vendor Advisory
4015http://www.securityfocus.com/bid/4015BIDPatch Vendor Advisory