VYPR
Unrated severityNVD Advisory· Published Dec 31, 2002· Updated Jun 16, 2026

CVE-2002-2139

CVE-2002-2139

Description

Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:pix_firewall_software:6.0\(1\):*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:pix_firewall_software:6.0\(2\):*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:pix_firewall_software:6.0\(3\):*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:pix_firewall_software:6.1\(2\):*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:pix_firewall_software:6.1\(3\):*:*:*:*:*:*:*
    • (no CPE)range: <=6.0.3, 6.1.0-6.1.3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.