Vulnerabilities > CVE-2002-0848 - Unspecified vulnerability in Cisco VPN 5000 Concentrator Series Software

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

cisco

NVD

Published: 2002-08-12

Updated: 2024-11-20

Summary

Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco VPN 5000 Concentrator Series Software 5.2.14 Cisco VPN 5000 Concentrator Series Software 5.2.15 Cisco VPN 5000 Concentrator Series Software 5.2.16 Cisco VPN 5000 Concentrator Series Software 5.2.19 Cisco VPN 5000 Concentrator Series Software 5.2.20 Cisco VPN 5000 Concentrator Series Software 5.2.21 Cisco VPN 5000 Concentrator Series Software 5.2.22 Cisco VPN 5000 Concentrator Series Software 5.2.23.0001 Cisco VPN 5000 Concentrator Series Software 5.2.23.0003 Cisco VPN 5000 Concentrator Series Software 6.0.15 Cisco VPN 5000 Concentrator Series Software 6.0.16 Cisco VPN 5000 Concentrator Series Software 6.0.17 Cisco VPN 5000 Concentrator Series Software 6.0.18 Cisco VPN 5000 Concentrator Series Software 6.0.19 Cisco VPN 5000 Concentrator Series Software 6.0.20 Cisco VPN 5000 Concentrator Series Software 6.0.21.0001 Cisco VPN 5000 Concentrator Series Software 6.0.21.0002	17
Hardware	Cisco Cisco VPN 5000 Concentrator -	1

Summary

Vulnerable Configurations

References