Unrated severityNVD Advisory· Published Dec 31, 2002· Updated Jun 16, 2026
CVE-2002-2139
CVE-2002-2139
Description
Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:pix_firewall_software:6.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:pix_firewall_software:6.0\(2\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:pix_firewall_software:6.0\(3\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:pix_firewall_software:6.1\(2\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:pix_firewall_software:6.1\(3\):*:*:*:*:*:*:*
- (no CPE)range: <=6.0.3, 6.1.0-6.1.3
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.