Vulnerability Description
Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Vpn 3000 Concentrator Series Software | <= 3.6\(rel\) |
References
- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtmlVendor Advisory
- http://www.securityfocus.com/bid/5613Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10017
- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtmlVendor Advisory
- http://www.securityfocus.com/bid/5613Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10017
FAQ
What is CVE-2002-1092?
CVE-2002-1092 is a vulnerability with a CVSS score of 7.5 (HIGH). Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using...
How severe is CVE-2002-1092?
CVE-2002-1092 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1092?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Vpn 3000 Concentrator Series Software.