Details of VAR-200210-0278

ID

VAR-200210-0278

CVE

CVE-2002-1107

TITLE

Cisco VPN Client Serial Number Predictable Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200210-047

DESCRIPTION

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing. Cisco has reported that random number generation has been improved in Cisco VPN Client. Weak random number generation may present a security vulnerability to users of the client software, as it may be possible under some circumstances for attackers to anticipate numbers that are generated by the software. If an attacker can anticipate TCP sequence numbers for VPN sessions, it may be possible to mount man-in-the-middle attacks against a connection or possible inject packets into a connection. The attacker may need to be within the VPN to exploit this issue. It can be used under the Microsoft Windows operating system, and can also be used under the Linux operating system. A remote attacker can exploit this vulnerability to attack via the Man-In-Middle method or insert packets into an existing connection. Or remote unauthorized access to the VPN concentrator. CISCO designated this vulnerability number as: CSCdx89416

Trust: 1.26

sources: NVD: CVE-2002-1107 // BID: 5653 // VULHUB: VHN-5495

AFFECTED PRODUCTS

vendor:	cisco	model:	vpn client	scope:	eq	version:	3.1	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.5.2	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.5.1	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.5.1c	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.0.5	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	2.0	Trust: 1.0
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for windows c	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	vpn client for solaris	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for solaris	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for mac os	scope:	eq	version:	x3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for mac os	scope:	eq	version:	x3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for linux	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for linux	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows b	scope:	ne	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for solaris b	scope:	ne	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for mac os b	scope:	ne	version:	x3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for linux b	scope:	ne	version:	3.5.2	Trust: 0.3

sources: BID: 5653 // CNNVD: CNNVD-200210-047 // NVD: CVE-2002-1107

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1107
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200210-047
value:	HIGH
Trust: 0.6
VULHUB:	VHN-5495
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-1107
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5495
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5495 // CNNVD: CNNVD-200210-047 // NVD: CVE-2002-1107

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1107

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200210-047

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200210-047

EXTERNAL IDS

db:	BID	id:	5653	Trust: 2.0
db:	NVD	id:	CVE-2002-1107	Trust: 1.7
db:	CNNVD	id:	CNNVD-200210-047	Trust: 0.7
db:	CISCO	id:	20020905 CISCO VPN CLIENT MULTIPLE VULNERABILITIES - SECOND SET	Trust: 0.6
db:	XF	id:	10046	Trust: 0.6
db:	VULHUB	id:	VHN-5495	Trust: 0.1

sources: VULHUB: VHN-5495 // BID: 5653 // CNNVD: CNNVD-200210-047 // NVD: CVE-2002-1107

REFERENCES

url:	http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml	Trust: 2.0
url:	http://www.securityfocus.com/bid/5653	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/10046	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/10046	Trust: 0.6

sources: VULHUB: VHN-5495 // BID: 5653 // CNNVD: CNNVD-200210-047 // NVD: CVE-2002-1107

CREDITS

Cisco Security Advisory

Trust: 0.6

sources: CNNVD: CNNVD-200210-047

SOURCES

db:	VULHUB	id:	VHN-5495
db:	BID	id:	5653
db:	CNNVD	id:	CNNVD-200210-047
db:	NVD	id:	CVE-2002-1107

LAST UPDATE DATE

2024-08-14T13:40:34.713000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5495	date:	2017-10-10T00:00:00
db:	BID	id:	5653	date:	2002-09-05T00:00:00
db:	CNNVD	id:	CNNVD-200210-047	date:	2005-05-13T00:00:00
db:	NVD	id:	CVE-2002-1107	date:	2017-10-10T01:30:08.453

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5495	date:	2002-10-04T00:00:00
db:	BID	id:	5653	date:	2002-09-05T00:00:00
db:	CNNVD	id:	CNNVD-200210-047	date:	2002-09-05T00:00:00
db:	NVD	id:	CVE-2002-1107	date:	2002-10-04T04:00:00