Lucene search

[email protected]CVE-2002-1106

HistoryOct 04, 2002 - 4:00 a.m.

CVE-2002-1106

2002-10-0404:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cisco

vpn

client

software

man-in-the-middle

attack

security

vulnerability

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.2%

JSON

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.

CPENameOperatorVersion
cisco:vpn_clientcisco vpn clienteq3.1
cisco:vpn_clientcisco vpn clienteq3.0
cisco:vpn_clientcisco vpn clienteq3.5.1
cisco:vpn_clientcisco vpn clienteq2.0

CPE	Name	Operator	Version
cisco:vpn_client	cisco vpn client	eq	3.1
cisco:vpn_client	cisco vpn client	eq	3.0
cisco:vpn_client	cisco vpn client	eq	3.5.1
cisco:vpn_client	cisco vpn client	eq	2.0

References

www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml

www.securityfocus.com/bid/5652

exchange.xforce.ibmcloud.com/vulnerabilities/10045

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.2%

JSON

Related for CVE-2002-1106

cvelist1