Lucene search
MitreCVE-2002-1106HistorySep 01, 2004 - 4:00 a.m.
CVE-2002-1106
2004-09-0104:00:00
mitre
web.nvd.nist.gov
23
cisco
vpn
client
software
man-in-the-middle
attack
security
vulnerability
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.004
Percentile
72.3%
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.
Affected configurations
Node
ciscovpn_clientMatch2.0windows
ORciscovpn_clientMatch3.0windows
ORciscovpn_clientMatch3.1windows
ORciscovpn_clientMatch3.5.1windows
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | vpn_client | 2.0 | cpe:2.3:a:cisco:vpn_client:2.0:*:windows:*:*:*:*:* |
| cisco | vpn_client | 3.0 | cpe:2.3:a:cisco:vpn_client:3.0:*:windows:*:*:*:*:* |
| cisco | vpn_client | 3.1 | cpe:2.3:a:cisco:vpn_client:3.1:*:windows:*:*:*:*:* |
| cisco | vpn_client | 3.5.1 | cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:* |
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.004
Percentile
72.3%
Related for CVE-2002-1106