Denial of Service Vulnerability in Cisco VPN 3000 Concentrator
CVE-2002-1100

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn 3000 Concentrator Series Software; Vpn 3002 Hardware Client
Vendor: CVE Published:; 4 October 2002

Summary

A vulnerability exists in the Cisco VPN 3000 Concentrator that allows remote attackers to disrupt service. Specifically, by supplying excessively long usernames or passwords to the HTML login interface, an attacker can trigger a crash, effectively rendering the device inoperable until it is manually reset. This issue affects versions 2.2.x and 3.x prior to 3.5.3, posing a significant risk to the availability and reliability of network services.

References

http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/5617

vdb-entryx_refsource_BID

http://www.iss.net/security_center/static/10025.php

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Sep 6, 2002