CVE-2002-1755 : tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allo

tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC.

Published 2002-12-31 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2002-1755

Tinc » Tinc » Version: 1.0pre4
cpe:2.3:a:tinc:tinc:1.0pre4:*:*:*:*:*:*:*
Matching versions
Tinc » Tinc » Version: 1.0pre3
cpe:2.3:a:tinc:tinc:1.0pre3:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2002-1755

EPSS FAQ

0.34%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 53 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2002-1755

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2002-1755

http://www.securityfocus.com/archive/1/249142

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/7868

Multiple VPN daemons allow remote attackers to modify packets CVE-2002-1755 Vulnerability Report

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2002-1755

Products affected by CVE-2002-1755

Exploit prediction scoring system (EPSS) score for CVE-2002-1755

CVSS scores for CVE-2002-1755

References for CVE-2002-1755