Sign-up

ID

VAR-200210-0245


CVE

CVE-2002-1092


TITLE

Cisco VPN 3000 Concentrator 3.6(Rel) Authentication verification vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200210-064

DESCRIPTION

Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication. Cisco VPN 3000 series concentrators are a family of products for facilitating secure communications via VPN (Virtual Private Networks). This could result in unintended privileges and access

Trust: 1.26

sources: NVD: CVE-2002-1092 // BID: 5613 // VULHUB: VHN-5480

AFFECTED PRODUCTS

vendor:ciscomodel:vpn concentratorscope:eqversion:30002.5.2

Trust: 1.5

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:lteversion:3.6\(rel\)

Trust: 1.0

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.1

Trust: 0.6

vendor:ciscomodel:vpn 3000 concentrator series softwarescope:eqversion:3.6\(rel\)

Trust: 0.6

vendor:ciscomodel:vpn 3000 concentratorscope:eqversion:3.6\(rel\)

Trust: 0.6

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.5.3

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.0.3

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:neversion:30003.5.5

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.5.4

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.6

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:neversion:30003.0.3

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.0

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.5.2

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:neversion:30003.0.4

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.5

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.1.1

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.1.2

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30002.0

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:neversion:30003.6.1

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:eqversion:30003.5.1

Trust: 0.3

vendor:ciscomodel:vpn hardware clientscope:neversion:3002

Trust: 0.3

vendor:ciscomodel:vpn concentratorscope:neversion:30003.1.2

Trust: 0.3

sources: BID: 5613 // CNNVD: CNNVD-200210-064 // NVD: CVE-2002-1092

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1092
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200210-064
value: HIGH

Trust: 0.6

VULHUB: VHN-5480
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-1092
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-5480
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-5480 // CNNVD: CNNVD-200210-064 // NVD: CVE-2002-1092

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1092

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200210-064

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200210-064

EXTERNAL IDS

db:BIDid:5613

Trust: 2.0

db:NVDid:CVE-2002-1092

Trust: 1.7

db:CNNVDid:CNNVD-200210-064

Trust: 0.7

db:CISCOid:20020903 CISCO VPN 3000 CONCENTRATOR MULTIPLE VULNERABILITIES

Trust: 0.6

db:XFid:10017

Trust: 0.6

db:VULHUBid:VHN-5480

Trust: 0.1

sources: VULHUB: VHN-5480 // BID: 5613 // CNNVD: CNNVD-200210-064 // NVD: CVE-2002-1092

REFERENCES

url:http://www.securityfocus.com/bid/5613

Trust: 1.7

url:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/10017

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/10017

Trust: 0.6

sources: VULHUB: VHN-5480 // CNNVD: CNNVD-200210-064 // NVD: CVE-2002-1092

CREDITS

Vulnerability announced in a Cisco Security Advisory.

Trust: 0.3

sources: BID: 5613

SOURCES

db:VULHUBid:VHN-5480
db:BIDid:5613
db:CNNVDid:CNNVD-200210-064
db:NVDid:CVE-2002-1092

LAST UPDATE DATE

2024-08-14T14:16:15.699000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-5480date:2018-10-30T00:00:00
db:BIDid:5613date:2002-09-03T00:00:00
db:CNNVDid:CNNVD-200210-064date:2005-05-13T00:00:00
db:NVDid:CVE-2002-1092date:2018-10-30T16:25:04.793

SOURCES RELEASE DATE

db:VULHUBid:VHN-5480date:2002-10-04T00:00:00
db:BIDid:5613date:2002-09-03T00:00:00
db:CNNVDid:CNNVD-200210-064date:2002-10-04T00:00:00
db:NVDid:CVE-2002-1092date:2002-10-04T04:00:00