Vulnerability Description
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Vpn 3000 Concentrator Series Software | 2.0 |
| Cisco | Vpn 3002 Hardware Client | All versions |
References
- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtmlVendor Advisory
- http://www.iss.net/security_center/static/10022.phpVendor Advisory
- http://www.securityfocus.com/bid/5612
- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtmlVendor Advisory
- http://www.iss.net/security_center/static/10022.phpVendor Advisory
- http://www.securityfocus.com/bid/5612
FAQ
What is CVE-2002-1097?
CVE-2002-1097 is a vulnerability with a CVSS score of 7.5 (HIGH). Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Managemen...
How severe is CVE-2002-1097?
CVE-2002-1097 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1097?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Vpn 3000 Concentrator Series Software, Cisco Vpn 3002 Hardware Client.