Information Leak Vulnerabilities in Cisco VPN 3000 Concentrator
CVE-2002-1094

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn 3000 Concentrator Series Software; Vpn 3002 Hardware Client
Vendor: CVE Published:; 4 October 2002

Summary

The Cisco VPN 3000 Concentrator series, specifically versions 2.x.x and 3.x.x prior to version 3.5.4, are susceptible to information leak vulnerabilities. Remote attackers can exploit these flaws to gain access to sensitive information through exposed SSH and FTP banners or via malformed HTTP requests. This exposure may allow unauthorized access to vital system details, raising significant security concerns for organizations relying on the affected products.

References

http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-...

vendor-advisoryx_refsource_CISCO

http://www.iss.net/security_center/static/10020.php

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/5624

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Sep 6, 2002