Vulnerability Description
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Vpn Client | 2.0 |
References
- http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtmlVendor Advisory
- http://www.securityfocus.com/bid/5652Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10045
- http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtmlVendor Advisory
- http://www.securityfocus.com/bid/5652Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10045
FAQ
What is CVE-2002-1106?
CVE-2002-1106 is a vulnerability with a CVSS score of 7.5 (HIGH). Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which al...
How severe is CVE-2002-1106?
CVE-2002-1106 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1106?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Vpn Client.