Vulnerability Description
Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | VPN 5000 Concentrator Series Software | >= 5.2.14, <= 5.2.23.0003 |
| Cisco | VPN 5000 Concentrator | - |
References
- http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtml (Patch, Vendor Advisory)
- http://www.iss.net/security_center/static/9781.php (Broken Link)
- http://www.securityfocus.com/bid/5417 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2002-0848?
CVE-2002-0848 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends ...
How severe is CVE-2002-0848?
CVE-2002-0848 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-0848?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco VPN 5000 Concentrator Series Software, Cisco VPN 5000 Concentrator.