Cisco VPN Client Vulnerability in Tunnel Mode Configuration
CVE-2002-1108

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn Client
Vendor: CVE Published:; 4 October 2002

Summary

The Cisco Virtual Private Network (VPN) Client software versions 2.x.x and 3.x prior to 3.6(Rel) exhibit a vulnerability when configured in all tunnel mode. This flaw allows an external TCP packet to be acknowledged by the VPN Client, creating potential exposure to unauthorized data traffic outside the secure tunnel. Users should review their tunnel configurations and apply relevant security measures to mitigate risk.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/10047

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/5651

vdb-entryx_refsource_BID

http://www.cisco.com/warp/public/707/vpnclient-multiple2-...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Sep 6, 2002