Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1447

CWE-119Buffer Overflow5 documents5 sources
Severity
7.2HIGH
EPSS
1.4%
top 19.67%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Cisco VPN Client
Timeline
PublishedMay 28
Latest updateApr 30

Description

Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDcisco/vpn_client3.5.1

🔴Vulnerability Details

2
GHSA
GHSA-wqv5-wj63-xvh5: Buffer overflow in the vpnclient program for UNIX VPN Client before 32022-04-30
CVEList
CVE-2002-1447: Buffer overflow in the vpnclient program for UNIX VPN Client before 32004-09-01

💥Exploits & PoCs

1
Exploit-DB
Cisco VPN Client for Unix 3.5.1 - Local Buffer Overflow2002-06-19

📋Vendor Advisories

1
Cisco
Buffer Overflow in UNIX VPN Client2002-06-19
CVE-2002-1447 (HIGH CVSS 7.2) | Buffer overflow in the vpnclient pr | cvebase.io