CVE-2002-1106

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn Client
Vendor: CVE Published:; 4 October 2002

Summary

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.

References

http://www.cisco.com/warp/public/707/vpnclient-multiple2-...

vendor-advisoryx_refsource_CISCO

https://exchange.xforce.ibmcloud.com/vulnerabilities/10045

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/5652

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Sep 6, 2002