CVE-2002-1092

Published: Oct 4, 2002Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication.

Affected (1)

Products: Cisco: Vpn 3000 Concentrator Series Software

Cisco

1 product

Vpn 3000 Concentrator Series Software

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Vpn 3000 Concentrator Series Software	Up to 3.6\(rel\)

References (6)

http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/5613

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/10017

Source: cve@mitre.org

http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/5613

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/10017

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.