← CVECheck
HomeVulnerabilities

CVE-2002-2139 — MEDIUM severity vulnerability (Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do)

Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack.

CVE IDCVE-2002-2139
SeverityMEDIUM
CVSS score6.4
CVSS vectorAV:N/AC:L/Au:N/C:P/I:P/A:N
CWENVD-CWE-Other
StatusModified
Published2002-12-31
Last modified2026-04-16
DescriptionCisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →