Cisco VPN 3000 Concentrator Information Disclosure Vulnerability
CVE-2002-1097

Currently unrated

Key Information:

Vendor
Cisco
Status
Vpn 3000 Concentrator Series Software
Vpn 3002 Hardware Client
Vendor
CVE Published:
4 October 2002

Summary

The Cisco VPN 3000 Concentrator, specifically versions 2.2.x and 3.x prior to 3.5.2, contains a vulnerability that permits restricted administrators to retrieve certificate passwords stored in plaintext in the HTML source code of the Certificate Management pages. This exposure can lead to unauthorized access or manipulation of secure communications.

References

http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-...
vendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/bid/5612
vdb-entryx_refsource_BID
http://www.iss.net/security_center/static/10022.php
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.