Details of VAR-200210-0270

ID

VAR-200210-0270

CVE

CVE-2002-1099

TITLE

Cisco VPN 3000 Series Concentrator Web Interface Information Disclosure Vulnerability

Trust: 0.9

sources: BID: 5616 // CNNVD: CNNVD-200210-196

DESCRIPTION

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages. Cisco VPN 3000 series concentrators leave some areas of the web interface exposed to unauthenticated web users. Attackers may use the sensitive information disclosed in this manner to potentially aid in mounting further attacks against the device and the network. Cisco VPN 3000 Concentrator 2.2.x before 3.5.3, and 3.x versions have vulnerabilities

Trust: 1.26

sources: NVD: CVE-2002-1099 // BID: 5616 // VULHUB: VHN-5487

AFFECTED PRODUCTS

vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30002.5.2	Trust: 1.5
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.0	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.a	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0.3.b	Trust: 1.0
vendor:	cisco	model:	vpn 3002 hardware client	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.b	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0.4	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0\(rel\)	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0.3.a	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.c	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.d	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.1	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.1.4	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.5\(rel\)	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	2.5.2.f	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.1\(rel\)	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.5.2	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.5.1	Trust: 1.0
vendor:	cisco	model:	vpn 3000 concentrator series software	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.0.3	Trust: 0.6
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.1	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.1.1	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.1.2	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.1\(rel\)	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.1.4	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.5\(rel\)	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.5.1	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.5.2	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.0.3.b	Trust: 0.6
vendor:	cisco	model:	vpn 3000 concentrator	scope:	eq	version:	3.0.4	Trust: 0.6
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.0.4	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1.4	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.5.5	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.0	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.5.2	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.5.3	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.6	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.5	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.5.4	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1.1	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.1.2	Trust: 0.3
vendor:	cisco	model:	vpn hardware client	scope:	eq	version:	3002	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30002.0	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	ne	version:	30003.6.1	Trust: 0.3
vendor:	cisco	model:	vpn concentrator	scope:	eq	version:	30003.5.1	Trust: 0.3

sources: BID: 5616 // CNNVD: CNNVD-200210-196 // NVD: CVE-2002-1099

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1099
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200210-196
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5487
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1099
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5487
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5487 // CNNVD: CNNVD-200210-196 // NVD: CVE-2002-1099

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1099

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200210-196

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200210-196

EXTERNAL IDS

db:	BID	id:	5616	Trust: 2.0
db:	NVD	id:	CVE-2002-1099	Trust: 2.0
db:	CNNVD	id:	CNNVD-200210-196	Trust: 0.7
db:	CISCO	id:	20020903 CISCO VPN 3000 CONCENTRATOR MULTIPLE VULNERABILITIES	Trust: 0.6
db:	XF	id:	10024	Trust: 0.6
db:	VULHUB	id:	VHN-5487	Trust: 0.1

sources: VULHUB: VHN-5487 // BID: 5616 // CNNVD: CNNVD-200210-196 // NVD: CVE-2002-1099

REFERENCES

url:	http://www.securityfocus.com/bid/5616	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml	Trust: 1.7
url:	http://www.iss.net/security_center/static/10024.php	Trust: 1.7

sources: VULHUB: VHN-5487 // CNNVD: CNNVD-200210-196 // NVD: CVE-2002-1099

CREDITS

Vulnerability announced in a Cisco Security Advisory.

Trust: 0.9

sources: BID: 5616 // CNNVD: CNNVD-200210-196

SOURCES

db:	VULHUB	id:	VHN-5487
db:	BID	id:	5616
db:	CNNVD	id:	CNNVD-200210-196
db:	NVD	id:	CVE-2002-1099

LAST UPDATE DATE

2024-08-14T14:16:19.234000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5487	date:	2018-10-30T00:00:00
db:	BID	id:	5616	date:	2009-07-11T15:56:00
db:	CNNVD	id:	CNNVD-200210-196	date:	2005-05-13T00:00:00
db:	NVD	id:	CVE-2002-1099	date:	2018-10-30T16:26:19.107

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5487	date:	2002-10-04T00:00:00
db:	BID	id:	5616	date:	2002-09-03T00:00:00
db:	CNNVD	id:	CNNVD-200210-196	date:	2002-10-04T00:00:00
db:	NVD	id:	CVE-2002-1099	date:	2002-10-04T04:00:00