Details of VAR-200210-0277

ID

VAR-200210-0277

CVE

CVE-2002-1106

TITLE

Cisco VPN Client Certificate Validation Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200210-212

DESCRIPTION

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks. A flaw in the Cisco VPN Client prevents the client from sufficiently validating credentials supplied in a certificate used for VPN privacy. The client does not properly validate Distinguished Names (DN) contained in some certificates, and may trust certificates supplied by a third party that represent a malicious host. It can be used under the Microsoft Windows operating system, and can also be used under the Linux operating system. CISCO designated this vulnerability number as: CSCdw87717

Trust: 1.26

sources: NVD: CVE-2002-1106 // BID: 5652 // VULHUB: VHN-5494

AFFECTED PRODUCTS

vendor:	cisco	model:	vpn client	scope:	eq	version:	3.1	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	2.0	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.0	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.5.1	Trust: 1.6
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	vpn client for solaris	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for mac os	scope:	eq	version:	x3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for linux	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	ne	version:	3.6	Trust: 0.3
vendor:	cisco	model:	vpn client for windows c	scope:	ne	version:	3.5.1	Trust: 0.3

sources: BID: 5652 // CNNVD: CNNVD-200210-212 // NVD: CVE-2002-1106

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1106
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200210-212
value:	HIGH
Trust: 0.6
VULHUB:	VHN-5494
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-1106
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5494
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5494 // CNNVD: CNNVD-200210-212 // NVD: CVE-2002-1106

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1106

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200210-212

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200210-212

EXTERNAL IDS

db:	BID	id:	5652	Trust: 2.0
db:	NVD	id:	CVE-2002-1106	Trust: 1.7
db:	CNNVD	id:	CNNVD-200210-212	Trust: 0.7
db:	CISCO	id:	20020905 CISCO VPN CLIENT MULTIPLE VULNERABILITIES - SECOND SET	Trust: 0.6
db:	XF	id:	10045	Trust: 0.6
db:	VULHUB	id:	VHN-5494	Trust: 0.1

sources: VULHUB: VHN-5494 // BID: 5652 // CNNVD: CNNVD-200210-212 // NVD: CVE-2002-1106

REFERENCES

url:	http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml	Trust: 2.0
url:	http://www.securityfocus.com/bid/5652	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/10045	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/10045	Trust: 0.6

sources: VULHUB: VHN-5494 // BID: 5652 // CNNVD: CNNVD-200210-212 // NVD: CVE-2002-1106

CREDITS

Cisco Security Advisory

Trust: 0.6

sources: CNNVD: CNNVD-200210-212

SOURCES

db:	VULHUB	id:	VHN-5494
db:	BID	id:	5652
db:	CNNVD	id:	CNNVD-200210-212
db:	NVD	id:	CVE-2002-1106

LAST UPDATE DATE

2025-04-03T22:14:11.621000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5494	date:	2017-10-10T00:00:00
db:	BID	id:	5652	date:	2002-09-05T00:00:00
db:	CNNVD	id:	CNNVD-200210-212	date:	2005-05-13T00:00:00
db:	NVD	id:	CVE-2002-1106	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5494	date:	2002-10-04T00:00:00
db:	BID	id:	5652	date:	2002-09-05T00:00:00
db:	CNNVD	id:	CNNVD-200210-212	date:	2002-09-05T00:00:00
db:	NVD	id:	CVE-2002-1106	date:	2002-10-04T04:00:00