ID

VAR-200209-0032


CVE

CVE-2002-0852


TITLE

Cisco VPN Client Multiple Security Vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-200209-014

DESCRIPTION

Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allow remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) packet with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads. VPN Client for Linux is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions.

Cisco Virtual Private Network (VPN) Client software is used to communicate with the Cisco VPN Concentrator. It can run on Windows, Solaris, Red Hat Linux, Apple Mac OS and other systems. The Cisco VPN Client software contains multiple security holes, which attackers can exploit to prevent the Cisco VPN Client software from working properly.

* An IKE packet containing more than 57 payloads can trigger a buffer overflow in the VPN Client software.
* When the VPN Client software receives a malformed data packet with a payload length of zero, the VPN Client software will occupy 100% of the CPU resources of the workstation.

The Cisco bug ID for these vulnerabilities is CSCdy26045.

Trust: 1.26

sources: NVD: CVE-2002-0852 // BID: 89546 // VULHUB: VHN-5243

AFFECTED PRODUCTS

vendor: cisco // model: vpn client // scope: eq // version: 3.5.2

Trust: 1.6

vendor: cisco // model: vpn client // scope: eq // version: 3.5.1

Trust: 1.6

vendor: cisco // model: vpn client for linux windows // scope: eq // version: 3.5.2

Trust: 0.3

vendor: cisco // model: vpn client for linux solaris // scope: eq // version: 3.5.2

Trust: 0.3

vendor: cisco // model: vpn client for linux mac os // scope: eq // version: 3.5.2x

Trust: 0.3

vendor: cisco // model: vpn client for linux linux // scope: eq // version: 3.5.2

Trust: 0.3

vendor: cisco // model: vpn client for linux windows // scope: eq // version: 3.5.1

Trust: 0.3

vendor: cisco // model: vpn client for linux solaris // scope: eq // version: 3.5.1

Trust: 0.3

vendor: cisco // model: vpn client for linux mac os // scope: eq // version: 3.5.1x

Trust: 0.3

vendor: cisco // model: vpn client for linux linux // scope: eq // version: 3.5.1

Trust: 0.3

sources: BID: 89546 // CNNVD: CNNVD-200209-014 // NVD: CVE-2002-0852

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0852
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200209-014
value: MEDIUM

Trust: 0.6

VULHUB: VHN-5243
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-0852
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-5243
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-5243 // CNNVD: CNNVD-200209-014 // NVD: CVE-2002-0852

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0852

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200209-014

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200209-014

EXTERNAL IDS

db: NVD // id: CVE-2002-0852

Trust: 2.0

db: CNNVD // id: CNNVD-200209-014

Trust: 0.7

db: CISCO // id: 20020812 CISCO VPN CLIENT MULTIPLE VULNERABILITIES

Trust: 0.6

db: BID // id: 89546

Trust: 0.4

db: VULHUB // id: VHN-5243

Trust: 0.1

sources: VULHUB: VHN-5243 // BID: 89546 // CNNVD: CNNVD-200209-014 // NVD: CVE-2002-0852

REFERENCES

url: http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml

Trust: 2.0

sources: VULHUB: VHN-5243 // BID: 89546 // CNNVD: CNNVD-200209-014 // NVD: CVE-2002-0852

CREDITS

Cisco PSIRT (psirt@cisco.com)

Trust: 0.6

sources: CNNVD: CNNVD-200209-014

SOURCES

db: VULHUB // id: VHN-5243
db: BID // id: 89546
db: CNNVD // id: CNNVD-200209-014
db: NVD // id: CVE-2002-0852

LAST UPDATE DATE

2024-08-14T12:44:11.716000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-5243 // date: 2008-09-10T00:00:00
db: BID // id: 89546 // date: 2002-09-05T00:00:00
db: CNNVD // id: CNNVD-200209-014 // date: 2005-10-20T00:00:00
db: NVD // id: CVE-2002-0852 // date: 2008-09-10T19:13:01.757

SOURCES RELEASE DATE

db: VULHUB // id: VHN-5243 // date: 2002-09-05T00:00:00
db: BID // id: 89546 // date: 2002-09-05T00:00:00
db: CNNVD // id: CNNVD-200209-014 // date: 2002-08-12T00:00:00
db: NVD // id: CVE-2002-0852 // date: 2002-09-05T04:00:00