Denial of Service Vulnerability in Cisco VPN 3000 Concentrator
CVE-2002-1095

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn 3000 Concentrator Series Software; Secure Access Control Server; Vpn 3002 Hardware Client
Vendor: CVE Published:; 4 October 2002

Summary

The Cisco VPN 3000 Concentrator, when encryption is enabled, is susceptible to a denial of service attack. This issue arises when a remote attacker utilizes a Windows-based PPTP client configured with the 'No Encryption' setting, leading to a potential service disruption as the device may undergo an unexpected reload. This vulnerability underscores the importance of proper encryption settings in VPN configurations to safeguard against unauthorized service interruptions.

References

http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/5625

vdb-entryx_refsource_BID

http://www.iss.net/security_center/static/10021.php

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Sep 6, 2002