CVE-2003-0242

IPSec in Mac OS X before 10.2.6 does not properly handle certain incoming security policies that match by port, which could allow traffic that is not explicitly allowed by the policies.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=61798	Broken Link
http://secunia.com/advisories/8798	Third Party Advisory
http://securitytracker.com/id?1006796	Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/869548	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/7628	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/12027	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2003-06-09 04:00

Updated : 2020-12-09 15:06

NVD link : CVE-2003-0242

Mitre link : CVE-2003-0242

CVE.ORG link : CVE-2003-0242

JSON object : View

Products Affected

apple

mac_os_x

CWE

NVD-CWE-noinfo

{"id": "CVE-2003-0242", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2003-06-09T04:00:00.000", "references": [{"url": "http://docs.info.apple.com/article.html?artnum=61798", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/8798", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1006796", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/869548", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/7628", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12027", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "IPSec in Mac OS X before 10.2.6 does not properly handle certain incoming security policies that match by port, which could allow traffic that is not explicitly allowed by the policies."}, {"lang": "es", "value": "IPSec en Mac OS X anterior a la 10.2.6 no maneja correctamente ciertas pol\u00edticas de seguridad asignadas por puerto, lo que permitir\u00eda tr\u00e1fico que no est\u00e1 expl\u00edcitamente permitido por esas pol\u00edticas."}], "lastModified": "2020-12-09T15:06:47.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1CD8EE9-D279-46C2-9934-C855D09331BC", "versionEndExcluding": "10.2.6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}