CVE-2002-1106

3 documents, 3 sources
Severity: 7.5 HIGH
EPSS: 0.4% (top 40.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 4
Latest update: Apr 30

Description

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: cisco/vpn_client, 4 versions (+3)

Vulnerability Details (2)

GHSA (2022-04-30): GHSA-rpjg-66v9-rhx2: Cisco Virtual Private Network (VPN) Client software 2
CVEList (2004-09-01): CVE-2002-1106: Cisco Virtual Private Network (VPN) Client software 2