Vulnerability CVE-2002-1092

Vulnerability Name:

CVE-2002-1092 (CCN-10017)

Assigned:

2002-09-03

Published:

2002-09-03

Updated:

2018-10-30

Summary:

Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2002-1092

Source: CCN
Type: CIAC Information Bulletin M-119
Cisco VPN Concentrators and VPN 3002 Client Multiple Vulnerabilities

Source: CCN
Type: vpn3k-multiple-vuln-pub
Cisco Security Advisory: Cisco VPN 3000 Concentrator Multiple Vulnerabilities

Source: CISCO
Type: Vendor Advisory
20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities

Source: CCN
Type: OSVDB ID: 8907
Cisco VPN 3000 Concentrator PPTP/IPSEC Group Credential Authentication Bypass

Source: CCN
Type: BID-5609
Multiple Cisco VPN 3000 Vulnerabilities

Source: BID
Type: Vendor Advisory
5613

Source: CCN
Type: BID-5613
Cisco Internal Group Authentication External Access Vulnerability

Source: XF
Type: UNKNOWN
cisco-vpn-bypass-authentication(10017)

Source: XF
Type: UNKNOWN
cisco-vpn-bypass-authentication(10017)

Vulnerable Configuration:

Configuration 1:

cpe:/o:cisco:vpn_3000_concentrator_series_software:*:*:*:*:*:*:*:* (Version <= 3.6(rel))

Denotes that component is vulnerable

BACK