CVE Vulnerabilities

CVE-2002-1106

Published: Oct 04, 2002 | Modified: Oct 10, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.

Affected Software

Name Vendor Start Version End Version
Vpn_client Cisco 2.0 (including) 2.0 (including)
Vpn_client Cisco 3.0 (including) 3.0 (including)
Vpn_client Cisco 3.1 (including) 3.1 (including)
Vpn_client Cisco 3.5.1 (including) 3.5.1 (including)

References