Details of VAR-200208-0065

ID

VAR-200208-0065

CVE

CVE-2002-0778

TITLE

Cisco Cache Engine Default configuration Any user can use proxy vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200208-017

DESCRIPTION

The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP. Cisco Cache Engines offer the ability to proxy HTTP, HTTPS and FTP transactions. Since these services may be placed on one of numerous ports, the default configuration allows a user behind the proxy to connect to another system on any port. Insufficient default access control is set on the device, allowing any user that can connect to the system to proxy a request through to another system. Cisco Cache Engine series products are network-integrated cache solutions developed and maintained by CISCO, which can reduce WAN bandwidth usage, maximize network service quality, and improve the scalability of existing networks

Trust: 1.26

sources: NVD: CVE-2002-0778 // BID: 4751 // VULHUB: VHN-5169

AFFECTED PRODUCTS

vendor:	cisco	model:	cache engine 570	scope:	eq	version:	2.2.0	Trust: 1.6
vendor:	cisco	model:	cache engine 570	scope:	eq	version:	570	Trust: 1.6
vendor:	cisco	model:	cache engine 550	scope:	eq	version:	2.2.0	Trust: 1.6
vendor:	cisco	model:	cache engine 550	scope:	eq	version:	2.4.0	Trust: 1.6
vendor:	cisco	model:	cache engine 550	scope:	eq	version:	3.0	Trust: 1.6
vendor:	cisco	model:	cache engine 570	scope:	eq	version:	2.4.0	Trust: 1.6
vendor:	cisco	model:	cache engine 570	scope:	eq	version:	3.0	Trust: 1.6
vendor:	cisco	model:	content engine	scope:	eq	version:	7320	Trust: 1.3
vendor:	cisco	model:	content engine	scope:	eq	version:	590	Trust: 1.3
vendor:	cisco	model:	content engine	scope:	eq	version:	560	Trust: 1.3
vendor:	cisco	model:	content engine	scope:	eq	version:	507	Trust: 1.3
vendor:	cisco	model:	content distribution manager 4630	scope:	eq	version:	4.1	Trust: 1.0
vendor:	cisco	model:	cache engine 505	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	590_2.2.0	Trust: 1.0
vendor:	cisco	model:	content router 4430	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	590_4.0	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	7320_2.2.0	Trust: 1.0
vendor:	cisco	model:	enterprise content delivery network software	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	560_2.2.0	Trust: 1.0
vendor:	cisco	model:	content distribution manager 4630	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	content distribution manager 4630	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	content distribution manager 4650	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	560_4.0	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	590_3.1	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	560_3.1	Trust: 1.0
vendor:	cisco	model:	content distribution manager 4650	scope:	eq	version:	4.1	Trust: 1.0
vendor:	cisco	model:	cache engine 505	scope:	eq	version:	2.4.0	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	590_4.1	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	507_2.2.0	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	7320_4.0	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	507_3.1	Trust: 1.0
vendor:	cisco	model:	cache engine 550	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	507_4.1	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	7320_4.1	Trust: 1.0
vendor:	cisco	model:	enterprise content delivery network software	scope:	eq	version:	4.1	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	560_4.1	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	7320_3.1	Trust: 1.0
vendor:	cisco	model:	content distribution manager 4650	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	content engine	scope:	eq	version:	507_4.0	Trust: 1.0
vendor:	cisco	model:	content router 4430	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	content router 4430	scope:	eq	version:	4.1	Trust: 0.6
vendor:	cisco	model:	content router 4430	scope:	eq	version:	4.0	Trust: 0.6
vendor:	cisco	model:	content router	scope:	eq	version:	44304.1	Trust: 0.3
vendor:	cisco	model:	content router	scope:	eq	version:	44304.0	Trust: 0.3
vendor:	cisco	model:	content router	scope:	eq	version:	4430	Trust: 0.3
vendor:	cisco	model:	content engine module for cisco router series	scope:	eq	version:	3700	Trust: 0.3
vendor:	cisco	model:	content engine module for cisco router series	scope:	eq	version:	3600	Trust: 0.3
vendor:	cisco	model:	content engine module for cisco router series	scope:	eq	version:	2600	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	7325	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	73204.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	73204.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	73203.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	73202.2.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5904.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5904.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5903.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5902.2.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	565	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5604.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5604.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5603.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5602.2.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	510	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5074.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5074.0	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5073.1	Trust: 0.3
vendor:	cisco	model:	content engine	scope:	eq	version:	5072.2.0	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	46504.1	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	46504.0	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	4650	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	46304.1	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	46304.0	Trust: 0.3
vendor:	cisco	model:	content distribution manager	scope:	eq	version:	4630	Trust: 0.3
vendor:	cisco	model:	cache engine	scope:	eq	version:	5704.0	Trust: 0.3
vendor:	cisco	model:	cache engine	scope:	eq	version:	5703.0	Trust: 0.3
vendor:	cisco	model:	cache engine	scope:	eq	version:	5702.2.0	Trust: 0.3
vendor:	cisco	model:	cache engine	scope:	eq	version:	570	Trust: 0.3
vendor:	cisco	model:	cache engine	scope:	eq	version:	5504.0	Trust: 0.3
vendor:	cisco	model:	cache engine	scope:	eq	version:	5503.0	Trust: 0.3
vendor:	cisco	model:	cache engine	scope:	eq	version:	5502.2.0	Trust: 0.3
vendor:	cisco	model:	cache engine	scope:	eq	version:	550	Trust: 0.3
vendor:	cisco	model:	cache engine	scope:	eq	version:	5054.0	Trust: 0.3
vendor:	cisco	model:	cache engine	scope:	eq	version:	5053.0	Trust: 0.3
vendor:	cisco	model:	cache engine	scope:	eq	version:	5052.2.0	Trust: 0.3
vendor:	cisco	model:	cache engine	scope:	eq	version:	505	Trust: 0.3

sources: BID: 4751 // CNNVD: CNNVD-200208-017 // NVD: CVE-2002-0778

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-0778
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200208-017
value:	HIGH
Trust: 0.6
VULHUB:	VHN-5169
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-0778
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5169
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5169 // CNNVD: CNNVD-200208-017 // NVD: CVE-2002-0778

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0778

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200208-017

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200208-017

EXTERNAL IDS

db:	BID	id:	4751	Trust: 2.0
db:	NVD	id:	CVE-2002-0778	Trust: 1.7
db:	CNNVD	id:	CNNVD-200208-017	Trust: 0.7
db:	CISCO	id:	20020528 TRANSPARENT CACHE ENGINE AND CONTENT ENGINE TCP RELAY VULNERABILITY	Trust: 0.6
db:	XF	id:	9082	Trust: 0.6
db:	VULHUB	id:	VHN-5169	Trust: 0.1

sources: VULHUB: VHN-5169 // BID: 4751 // CNNVD: CNNVD-200208-017 // NVD: CVE-2002-0778

REFERENCES

url:	http://www.cisco.com/warp/public/707/transparentcache-tcp-relay-vuln-pub.shtml	Trust: 2.0
url:	http://www.securityfocus.com/bid/4751	Trust: 1.7
url:	http://www.iss.net/security_center/static/9082.php	Trust: 1.7

sources: VULHUB: VHN-5169 // BID: 4751 // CNNVD: CNNVD-200208-017 // NVD: CVE-2002-0778

CREDITS

Cisco Systems Product Security Incident Response Team※ psirt@cisco.com

Trust: 0.6

sources: CNNVD: CNNVD-200208-017

SOURCES

db:	VULHUB	id:	VHN-5169
db:	BID	id:	4751
db:	CNNVD	id:	CNNVD-200208-017
db:	NVD	id:	CVE-2002-0778

LAST UPDATE DATE

2025-04-03T22:26:25.653000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5169	date:	2018-10-30T00:00:00
db:	BID	id:	4751	date:	2002-05-15T00:00:00
db:	CNNVD	id:	CNNVD-200208-017	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2002-0778	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5169	date:	2002-08-12T00:00:00
db:	BID	id:	4751	date:	2002-05-15T00:00:00
db:	CNNVD	id:	CNNVD-200208-017	date:	2002-05-15T00:00:00
db:	NVD	id:	CVE-2002-0778	date:	2002-08-12T04:00:00