Details of VAR-200210-0249

ID

VAR-200210-0249

CVE

CVE-2002-1096

TITLE

Cisco VPN 3000 Series Concentrator User Credential Disclosure Vulnerability

Trust: 0.9

sources: BID: 5611 // CNNVD: CNNVD-200210-142

DESCRIPTION

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code. Cisco VPN 3000 series concentrators are prone to an issue which may cause user credentials to be disclosed to remote attackers under some circumstances. Cisco VPN 3000 Concentrator versions 2.2.x and 3.x prior to 3.5.1 have vulnerabilities

Trust: 1.26

sources: NVD: CVE-2002-1096 // BID: 5611 // VULHUB: VHN-5484

AFFECTED PRODUCTS

vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30002.5.2	Trust: 1.5
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.0	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.a	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.f	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0.3.b	Trust: 1.0
vendor:	cisco	model:	vpn 3002 hardware client	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.b	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0.4	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0\(rel\)	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0.3.a	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.c	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.d	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.1	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.1\(rel\)	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.5\(rel\)	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.0.3	Trust: 0.6
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.1	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.0\(rel\)	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	2.5.2.f	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.1.2	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.1\(rel\)	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.0.3.a	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.5\(rel\)	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.0	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.0.4	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.0.3.b	Trust: 0.6
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.0.4	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.5.5	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.0	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.5.3	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.1.4	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.6	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.5	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.5.4	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1.1	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.5.2	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1.2	Trust: 0.3
vendor:	cisco	model:	vpn hardware client	scope:	eq	version:	3002	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30002.0	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.6.1	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.5.1	Trust: 0.3

sources: BID: 5611 // CNNVD: CNNVD-200210-142 // NVD: CVE-2002-1096

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1096
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200210-142
value:	HIGH
Trust: 0.6
VULHUB:	VHN-5484
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-1096
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5484
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5484 // CNNVD: CNNVD-200210-142 // NVD: CVE-2002-1096

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1096

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200210-142

TYPE

Design Error

Trust: 0.9

sources: BID: 5611 // CNNVD: CNNVD-200210-142

EXTERNAL IDS

db:	NVD	id:	CVE-2002-1096	Trust: 2.0
db:	BID	id:	5611	Trust: 2.0
db:	CNNVD	id:	CNNVD-200210-142	Trust: 0.7
db:	CISCO	id:	20020903 CISCO VPN 3000 CONCENTRATOR MULTIPLE VULNERABILITIES	Trust: 0.6
db:	XF	id:	10019	Trust: 0.6
db:	VULHUB	id:	VHN-5484	Trust: 0.1

sources: VULHUB: VHN-5484 // BID: 5611 // CNNVD: CNNVD-200210-142 // NVD: CVE-2002-1096

REFERENCES

url:	http://www.securityfocus.com/bid/5611	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml	Trust: 1.7
url:	http://www.iss.net/security_center/static/10019.php	Trust: 1.7

sources: VULHUB: VHN-5484 // CNNVD: CNNVD-200210-142 // NVD: CVE-2002-1096

CREDITS

Vulnerability announced in a Cisco Security Advisory.

Trust: 0.9

sources: BID: 5611 // CNNVD: CNNVD-200210-142

SOURCES

db:	VULHUB	id:	VHN-5484
db:	BID	id:	5611
db:	CNNVD	id:	CNNVD-200210-142
db:	NVD	id:	CVE-2002-1096

LAST UPDATE DATE

2024-08-14T14:16:15.724000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5484	date:	2018-10-30T00:00:00
db:	BID	id:	5611	date:	2009-07-11T15:56:00
db:	CNNVD	id:	CNNVD-200210-142	date:	2005-05-13T00:00:00
db:	NVD	id:	CVE-2002-1096	date:	2018-10-30T16:26:19.043

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5484	date:	2002-10-04T00:00:00
db:	BID	id:	5611	date:	2002-09-03T00:00:00
db:	CNNVD	id:	CNNVD-200210-142	date:	2002-10-04T00:00:00
db:	NVD	id:	CVE-2002-1096	date:	2002-10-04T04:00:00