Man-in-the-Middle Vulnerability in Cisco VPN Client Software
CVE-2002-1106

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn Client
Vendor: CVE Published:; 4 October 2002

Summary

The Cisco VPN Client software versions 2.x.x and 3.x prior to 3.5.1C contains a vulnerability due to inadequate validation of certificate Distinguished Name (DN) fields against those from the VPN Concentrator. This flaw enables remote attackers to potentially execute man-in-the-middle attacks, compromising the security of communications over the VPN by intercepting and altering data traffic without detection.

References

http://www.cisco.com/warp/public/707/vpnclient-multiple2-...

vendor-advisoryx_refsource_CISCO

https://exchange.xforce.ibmcloud.com/vulnerabilities/10045

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/5652

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Sep 6, 2002