Vulnerabilities > CVE-2002-1092 - Unspecified vulnerability in Cisco VPN 3000 Concentrator Series Software

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

cisco

nessus

NVD

Published: 2002-10-04

Updated: 2018-10-30

Summary

Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco VPN 3000 Concentrator Series Software 2.0 Cisco VPN 3000 Concentrator Series Software 2.5.2.A Cisco VPN 3000 Concentrator Series Software 2.5.2.B Cisco VPN 3000 Concentrator Series Software 2.5.2.C Cisco VPN 3000 Concentrator Series Software 2.5.2.D Cisco VPN 3000 Concentrator Series Software 2.5.2.F Cisco VPN 3000 Concentrator Series Software 3.0 Cisco VPN 3000 Concentrator Series Software 3.0\(Rel\) Cisco VPN 3000 Concentrator Series Software 3.0.3.A Cisco VPN 3000 Concentrator Series Software 3.0.3.B Cisco VPN 3000 Concentrator Series Software 3.0.4 Cisco VPN 3000 Concentrator Series Software 3.1 Cisco VPN 3000 Concentrator Series Software 3.1\(Rel\) Cisco VPN 3000 Concentrator Series Software 3.1.1 Cisco VPN 3000 Concentrator Series Software 3.1.2 Cisco VPN 3000 Concentrator Series Software 3.1.4 Cisco VPN 3000 Concentrator Series Software 3.5\(Rel\) Cisco VPN 3000 Concentrator Series Software 3.5.1 Cisco VPN 3000 Concentrator Series Software 3.5.2 Cisco VPN 3000 Concentrator Series Software 3.5.3 Cisco VPN 3000 Concentrator Series Software 3.5.4 Cisco VPN 3000 Concentrator Series Software 3.5.5 Cisco VPN 3000 Concentrator Series Software 3.6 Cisco VPN 3000 Concentrator Series Software 3.6\(Rel\)	24

Nessus

NASL family	CISCO
NASL id	CSCDV66718.NASL
description	The remote VPN concentrator has a bug in its PPTP client. This vulnerability is documented as Cisco bug ID CSCdv66718.
last seen	2020-06-01
modified	2020-06-02
plugin id	11291
published	2003-03-01
reporter	This script is (C) 2003-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/11291
title	Cisco VPN 3000 Concentrator PPTP/IPSEC Group Credential Authentication Bypass (CSCdv66718)

NASL family	CISCO
NASL id	CSCDT56514.NASL
description	The remote VPN concentrator is vulnerable to an internal PPTP / IPSEC authentication login attack. This vulnerability is documented as Cisco bug ID CSCdt56514.
last seen	2020-06-01
modified	2020-06-02
plugin id	11287
published	2003-03-01
reporter	This script is (C) 2003-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/11287
title	Cisco VPN 3000 Concentrator Multiple Vulnerabilities (CSCdt56514, CSCdv66718)

Summary

Vulnerable Configurations

Nessus

References