Vulnerability Description
The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Vpn 5000 Client | 5.1.2 |
References
- http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtmlPatchVendor Advisory
- http://www.iss.net/security_center/static/10129.phpPatchVendor Advisory
- http://www.osvdb.org/7041
- http://www.securityfocus.com/bid/5736PatchVendor Advisory
- http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtmlPatchVendor Advisory
- http://www.iss.net/security_center/static/10129.phpPatchVendor Advisory
- http://www.osvdb.org/7041
- http://www.securityfocus.com/bid/5736PatchVendor Advisory
FAQ
What is CVE-2002-1491?
CVE-2002-1491 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges.
How severe is CVE-2002-1491?
CVE-2002-1491 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1491?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Vpn 5000 Client.