Details of VAR-200210-0268

ID

VAR-200210-0268

CVE

CVE-2002-1097

TITLE

Cisco VPN 3000 Series Concentrator Certificate Disclosure Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200210-103

DESCRIPTION

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages. This may enable an administrative user to gain unauthorized access to the Certificate Management interface. This would only be an issue in circumstances where the policy of an organization using the device restricts certificate management privileges to particular administrative users. Cisco VPN 3000 Concentrator 2.2.x, and versions earlier than 3.5.2 have vulnerabilities

Trust: 1.26

sources: NVD: CVE-2002-1097 // BID: 5612 // VULHUB: VHN-5485

AFFECTED PRODUCTS

vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30002.5.2	Trust: 1.5
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.0	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.a	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.f	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0.3.b	Trust: 1.0
vendor:	cisco	model:	vpn 3002 hardware client	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.b	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0.4	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0\(rel\)	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0.3.a	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.c	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.d	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.1	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.1\(rel\)	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.5\(rel\)	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.0.3	Trust: 0.6
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	2.5.2.a	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.0\(rel\)	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	2.5.2.f	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.0.3.a	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.1\(rel\)	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	2.5.2.d	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	2.5.2.c	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	2.0	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.0	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	2.5.2.b	Trust: 0.6
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.0.4	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1.4	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.5.5	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.0	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.5.3	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.6	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.5	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.5.4	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1.1	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.5.2	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1.2	Trust: 0.3
vendor:	cisco	model:	vpn hardware client	scope:	eq	version:	3002	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30002.0	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.6.1	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.5.1	Trust: 0.3

sources: BID: 5612 // CNNVD: CNNVD-200210-103 // NVD: CVE-2002-1097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1097
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200210-103
value:	HIGH
Trust: 0.6
VULHUB:	VHN-5485
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-1097
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5485
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5485 // CNNVD: CNNVD-200210-103 // NVD: CVE-2002-1097

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1097

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200210-103

TYPE

Design Error

Trust: 0.9

sources: BID: 5612 // CNNVD: CNNVD-200210-103

EXTERNAL IDS

db:	NVD	id:	CVE-2002-1097	Trust: 2.0
db:	BID	id:	5612	Trust: 2.0
db:	CNNVD	id:	CNNVD-200210-103	Trust: 0.7
db:	CISCO	id:	20020903 CISCO VPN 3000 CONCENTRATOR MULTIPLE VULNERABILITIES	Trust: 0.6
db:	XF	id:	10022	Trust: 0.6
db:	VULHUB	id:	VHN-5485	Trust: 0.1

sources: VULHUB: VHN-5485 // BID: 5612 // CNNVD: CNNVD-200210-103 // NVD: CVE-2002-1097

REFERENCES

url:	http://www.securityfocus.com/bid/5612	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml	Trust: 1.7
url:	http://www.iss.net/security_center/static/10022.php	Trust: 1.7

sources: VULHUB: VHN-5485 // CNNVD: CNNVD-200210-103 // NVD: CVE-2002-1097

CREDITS

Vulnerability announced in a Cisco Security Advisory.

Trust: 0.9

sources: BID: 5612 // CNNVD: CNNVD-200210-103

SOURCES

db:	VULHUB	id:	VHN-5485
db:	BID	id:	5612
db:	CNNVD	id:	CNNVD-200210-103
db:	NVD	id:	CVE-2002-1097

LAST UPDATE DATE

2024-08-14T14:16:15.837000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5485	date:	2018-10-30T00:00:00
db:	BID	id:	5612	date:	2009-07-11T15:56:00
db:	CNNVD	id:	CNNVD-200210-103	date:	2005-05-13T00:00:00
db:	NVD	id:	CVE-2002-1097	date:	2018-10-30T16:26:19.043

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5485	date:	2002-10-04T00:00:00
db:	BID	id:	5612	date:	2002-09-03T00:00:00
db:	CNNVD	id:	CNNVD-200210-103	date:	2002-10-04T00:00:00
db:	NVD	id:	CVE-2002-1097	date:	2002-10-04T04:00:00