CVE-2002-2139

Published: Dec 31, 2002Modified: Apr 16, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack.

Affected (7)

Products: Cisco: Pix Firewall Software

Cisco

1 product

Pix Firewall Software

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Cisco Pix Firewall Software	Version 6.0
Cisco Pix Firewall Software	Version 6.0(1)
Cisco Pix Firewall Software	Version 6.0(2)
Cisco Pix Firewall Software	Version 6.0(3)
Cisco Pix Firewall Software	Version 6.1
Cisco Pix Firewall Software	Version 6.1(2)
Cisco Pix Firewall Software	Version 6.1(3)