VAR-200312-0197
Vulnerability from variot - Updated: 2023-12-18 12:40The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks. Successful attackers will be able to gain unauthorized access to affected networks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200312-0197",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "leap",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#473108"
},
{
"db": "BID",
"id": "8755"
},
{
"db": "NVD",
"id": "CVE-2003-1096"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-100"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:leap:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1096"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The disclosure of this issue has been credited to the vendor.",
"sources": [
{
"db": "BID",
"id": "8755"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-100"
}
],
"trust": 0.9
},
"cve": "CVE-2003-1096",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-7921",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-1096",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#473108",
"trust": 0.8,
"value": "18.98"
},
{
"author": "CNNVD",
"id": "CNNVD-200312-100",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-7921",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#473108"
},
{
"db": "VULHUB",
"id": "VHN-7921"
},
{
"db": "NVD",
"id": "CVE-2003-1096"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-100"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks. Successful attackers will be able to gain unauthorized access to affected networks",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1096"
},
{
"db": "CERT/CC",
"id": "VU#473108"
},
{
"db": "BID",
"id": "8755"
},
{
"db": "VULHUB",
"id": "VHN-7921"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-7921",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7921"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "8755",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#473108",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2003-1096",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "15209",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200312-100",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20030803 DICTIONARY ATTACK ON CISCO LEAP VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20031003 DICTIONARY ATTACK AGAINST CISCO\u0027S LEAP, WIRELESS LANS VULNERABLE",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040407 RELEASE OF CISCO ATTACK TOOL ASLEAP",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20031006 WEAKNESSES IN LEAP CHALLENGE/RESPONSE",
"trust": 0.6
},
{
"db": "XF",
"id": "12804",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "23212",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-7921",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#473108"
},
{
"db": "VULHUB",
"id": "VHN-7921"
},
{
"db": "BID",
"id": "8755"
},
{
"db": "NVD",
"id": "CVE-2003-1096"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-100"
}
]
},
"id": "VAR-200312-0197",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7921"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:40:34.189000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1096"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/8755"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/340119"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/340365"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/473108"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/15209"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12804"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=108135227731965\u0026w=2"
},
{
"trust": 0.8,
"url": "http://www.cisco.com/en/us/products/hw/wireless/ps5279/prod_bulletin09186a00801cc901.html"
},
{
"trust": 0.8,
"url": "http://www.cisco.com/en/us/tech/tk722/tk809/technologies_tech_note09186a00801aa80f.shtml"
},
{
"trust": 0.8,
"url": "http://www.cisco.com/en/us/netsol/ns339/ns395/ns176/ns178/networking_solutions_white_paper09186a00800b469f.shtml"
},
{
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/wswpf_wp.htm"
},
{
"trust": 0.8,
"url": "http://www.computerworld.com/mobiletopics/mobile/story/0,10801,85637,00.html?f=x68"
},
{
"trust": 0.8,
"url": "http://www.unstrung.com/document.asp?doc_id=41185"
},
{
"trust": 0.8,
"url": "http://asleap.sourceforge.net/"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/12804"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108135227731965\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/netsol/ns110/ns175/ns176/ns178/networking_solutions_package.html"
},
{
"trust": 0.3,
"url": "/archive/1/340119"
},
{
"trust": 0.3,
"url": "/archive/1/340565"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108135227731965\u0026amp;w=2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#473108"
},
{
"db": "VULHUB",
"id": "VHN-7921"
},
{
"db": "BID",
"id": "8755"
},
{
"db": "NVD",
"id": "CVE-2003-1096"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-100"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#473108"
},
{
"db": "VULHUB",
"id": "VHN-7921"
},
{
"db": "BID",
"id": "8755"
},
{
"db": "NVD",
"id": "CVE-2003-1096"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-100"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-10-30T00:00:00",
"db": "CERT/CC",
"id": "VU#473108"
},
{
"date": "2003-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-7921"
},
{
"date": "2003-10-03T00:00:00",
"db": "BID",
"id": "8755"
},
{
"date": "2003-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2003-1096"
},
{
"date": "2003-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-100"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-05-20T00:00:00",
"db": "CERT/CC",
"id": "VU#473108"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-7921"
},
{
"date": "2003-10-03T00:00:00",
"db": "BID",
"id": "8755"
},
{
"date": "2017-07-11T01:29:44.290000",
"db": "NVD",
"id": "CVE-2003-1096"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-100"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-100"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Lightweight Extensible Authentication Protocol (LEAP) uses passwords that are vulnerable to dictionary attacks",
"sources": [
{
"db": "CERT/CC",
"id": "VU#473108"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "8755"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-100"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…