Cisco VPN 3000 Concentrator Information Disclosure Vulnerability
CVE-2002-1097

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn 3000 Concentrator Series Software; Vpn 3002 Hardware Client
Vendor: CVE Published:; 4 October 2002

What is CVE-2002-1097?

The Cisco VPN 3000 Concentrator, specifically versions 2.2.x and 3.x prior to 3.5.2, contains a vulnerability that permits restricted administrators to retrieve certificate passwords stored in plaintext in the HTML source code of the Certificate Management pages. This exposure can lead to unauthorized access or manipulation of secure communications.

References

http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/5612

vdb-entryx_refsource_BID

http://www.iss.net/security_center/static/10022.php

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Sep 6, 2002