Lucene search
HistorySep 01, 2004 - 4:00 a.m.
CVE-2002-1107
cisco
vpn client
security vulnerability
random number
spoofing
cve-2002-1107
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.9 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.5%
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing.
Affected configurations
Node
ciscovpn_clientMatch2.0windows
ORciscovpn_clientMatch3.0windows
ORciscovpn_clientMatch3.0.5windows
ORciscovpn_clientMatch3.1windows
ORciscovpn_clientMatch3.5.1linux
ORciscovpn_clientMatch3.5.1mac_os_x
ORciscovpn_clientMatch3.5.1solaris
ORciscovpn_clientMatch3.5.1windows
ORciscovpn_clientMatch3.5.1cwindows
ORciscovpn_clientMatch3.5.2linux
ORciscovpn_clientMatch3.5.2mac_os_x
ORciscovpn_clientMatch3.5.2solaris
ORciscovpn_clientMatch3.5.2windows
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.9 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.5%
Related for CVE-2002-1107