Vulnerability Name:

CVE-2002-0852 (CCN-9819)

Assigned:2002-08-12
Published:2002-08-12
Updated:2008-09-10
Summary:Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: FreeBSD Security Notice FreeBSD-SN-02:05
security issues in ports

Source: MITRE
Type: CNA
CVE-2002-0852

Source: CCN
Type: Cisco Systems Inc. Security Advisory, 2002 August 12 UTC 1500
Cisco VPN Client Multiple Vulnerabilities

Source: CISCO
Type: Patch, Vendor Advisory
20020812 Cisco VPN Client Multiple Vulnerabilities

Source: CCN
Type: OpenBSD 3.1 errata
010: RELIABILITY FIX: July 5, 2002

Source: CCN
Type: BID-5441
Cisco VPN Client IKE Security Parameter Index Payload Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
cisco-vpn-spi-bo(9819)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:vpn_client:3.5.1:*:linux:*:*:*:*:*
  • OR cpe:/a:cisco:vpn_client:3.5.1:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:cisco:vpn_client:3.5.1:*:solaris:*:*:*:*:*
  • OR cpe:/a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*
  • OR cpe:/a:cisco:vpn_client:3.5.2:*:linux:*:*:*:*:*
  • OR cpe:/a:cisco:vpn_client:3.5.2:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:cisco:vpn_client:3.5.2:*:solaris:*:*:*:*:*
  • OR cpe:/a:cisco:vpn_client:3.5.2:*:windows:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:cisco:vpn_client:3.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:vpn_client:3.5.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2002-0852 (CCN-9820)

    Assigned:2002-08-12
    Published:2002-08-12
    Updated:2002-08-12
    Summary:The Cisco Virtual Private Network (VPN) Client software is vulnerable to a denial of service attack, caused by a buffer overflow in the handling of malformed Internet Key Exchange (IKE) packets. By sending a specially-crafted IKE packet with more than 57 payloads, a remote attacker could overflow a buffer to cause the Cisco VPN Client to stop functioning properly.
    CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Partial
    Availibility (A): Partial
    Vulnerability Consequences:Denial of Service
    References:Source: CCN
    Type: FreeBSD Security Notice FreeBSD-SN-02:05
    security issues in ports

    Source: MITRE
    Type: CNA
    CVE-2002-0852

    Source: CCN
    Type: Cisco Systems Inc. Security Advisory, 2002 August 12 UTC 1500
    Cisco VPN Client Multiple Vulnerabilities

    Source: CCN
    Type: OpenBSD 3.1 errata
    010: RELIABILITY FIX: July 5, 2002

    Source: CCN
    Type: BID-5443
    Cisco VPN Client IKE Packet Excessive Payloads Vulnerability

    Source: XF
    Type: UNKNOWN
    cisco-vpn-ike-payload-bo(9820)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:cisco:vpn_client:3.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:vpn_client:3.5.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco vpn client 3.5.1
    cisco vpn client 3.5.1
    cisco vpn client 3.5.1
    cisco vpn client 3.5.1
    cisco vpn client 3.5.2
    cisco vpn client 3.5.2
    cisco vpn client 3.5.2
    cisco vpn client 3.5.2
    cisco vpn client 3.5.1
    cisco vpn client 3.5.2
    cisco vpn client 3.5.1
    cisco vpn client 3.5.2