Details of VAR-200210-0279

ID

VAR-200210-0279

CVE

CVE-2002-1108

TITLE

Cisco VPN Client TCP Filter leak vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200210-063

DESCRIPTION

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel. This has the potential to leak information about the client system to attackers. This issue does not occur if "split tunneling mode" is enabled. Furthermore, 3.5.x releases of the client are not prone to this issue if the firewall is configured to run in "always on" mode. The 3.6(Rel) version of the client is prone to this issue even under circumstances where the firewall is run in "always on" mode. It can be used under the Microsoft Windows operating system, and can also be used under the Linux operating system. affected by this vulnerability. CISCO designated this vulnerability number as: CSCdy37058

Trust: 1.26

sources: NVD: CVE-2002-1108 // BID: 5651 // VULHUB: VHN-5496

AFFECTED PRODUCTS

vendor:	cisco	model:	vpn client	scope:	eq	version:	3.1	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	2.0	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.0	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.5.1	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.5.1c	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.0.5	Trust: 1.6
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.6	Trust: 0.6
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for windows c	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	vpn client for solaris	scope:	eq	version:	3.6	Trust: 0.3
vendor:	cisco	model:	vpn client for solaris	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for solaris	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for mac os	scope:	eq	version:	x3.6	Trust: 0.3
vendor:	cisco	model:	vpn client for mac os	scope:	eq	version:	x3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for mac os	scope:	eq	version:	x3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for linux	scope:	eq	version:	3.6	Trust: 0.3
vendor:	cisco	model:	vpn client for linux	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for linux	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	ne	version:	3.6.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	ne	version:	3.5.4	Trust: 0.3
vendor:	cisco	model:	vpn client for solaris	scope:	ne	version:	3.6.1	Trust: 0.3
vendor:	cisco	model:	vpn client for solaris	scope:	ne	version:	3.5.4	Trust: 0.3
vendor:	cisco	model:	vpn client for mac os	scope:	ne	version:	x3.6.1	Trust: 0.3
vendor:	cisco	model:	vpn client for mac os	scope:	ne	version:	x3.5.4	Trust: 0.3
vendor:	cisco	model:	vpn client for linux	scope:	ne	version:	3.6.1	Trust: 0.3
vendor:	cisco	model:	vpn client for linux	scope:	ne	version:	3.5.4	Trust: 0.3

sources: BID: 5651 // CNNVD: CNNVD-200210-063 // NVD: CVE-2002-1108

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1108
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200210-063
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5496
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-1108
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5496
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5496 // CNNVD: CNNVD-200210-063 // NVD: CVE-2002-1108

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1108

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200210-063

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200210-063

EXTERNAL IDS

db:	BID	id:	5651	Trust: 2.0
db:	NVD	id:	CVE-2002-1108	Trust: 1.7
db:	CISCO	id:	20020905 CISCO VPN CLIENT MULTIPLE VULNERABILITIES - SECOND SET	Trust: 0.6
db:	XF	id:	10047	Trust: 0.6
db:	CNNVD	id:	CNNVD-200210-063	Trust: 0.6
db:	VULHUB	id:	VHN-5496	Trust: 0.1

sources: VULHUB: VHN-5496 // BID: 5651 // CNNVD: CNNVD-200210-063 // NVD: CVE-2002-1108

REFERENCES

url:	http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml	Trust: 2.0
url:	http://www.securityfocus.com/bid/5651	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/10047	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/10047	Trust: 0.6

sources: VULHUB: VHN-5496 // BID: 5651 // CNNVD: CNNVD-200210-063 // NVD: CVE-2002-1108

CREDITS

Cisco Security Advisory

Trust: 0.6

sources: CNNVD: CNNVD-200210-063

SOURCES

db:	VULHUB	id:	VHN-5496
db:	BID	id:	5651
db:	CNNVD	id:	CNNVD-200210-063
db:	NVD	id:	CVE-2002-1108

LAST UPDATE DATE

2024-08-14T13:40:34.661000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5496	date:	2017-10-10T00:00:00
db:	BID	id:	5651	date:	2002-09-05T00:00:00
db:	CNNVD	id:	CNNVD-200210-063	date:	2005-05-13T00:00:00
db:	NVD	id:	CVE-2002-1108	date:	2017-10-10T01:30:08.517

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5496	date:	2002-10-04T00:00:00
db:	BID	id:	5651	date:	2002-09-05T00:00:00
db:	CNNVD	id:	CNNVD-200210-063	date:	2002-09-05T00:00:00
db:	NVD	id:	CVE-2002-1108	date:	2002-10-04T04:00:00