Remote Information Disclosure Vulnerability in Cisco VPN 3000 Concentrator
CVE-2002-1099

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn 3000 Concentrator Series Software; Vpn 3002 Hardware Client
Vendor: CVE Published:; 4 October 2002

Summary

Remote attackers can exploit a security flaw in Cisco VPN 3000 Concentrator versions 2.2.x and 3.x prior to 3.5.3 to access sensitive information without authentication. This vulnerability arises from improper access controls on specific HTML pages, potentially exposing crucial data to unauthorized individuals.

References

http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/5616

vdb-entryx_refsource_BID

http://www.iss.net/security_center/static/10024.php

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Sep 6, 2002