Vulnerabilities > CVE-2002-1092 - Authentication External Access vulnerability in Cisco Internal Group

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
cisco
nessus

Summary

Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication.

Nessus

  • NASL familyCISCO
    NASL idCSCDV66718.NASL
    descriptionThe remote VPN concentrator has a bug in its PPTP client. This vulnerability is documented as Cisco bug ID CSCdv66718.
    last seen2020-06-01
    modified2020-06-02
    plugin id11291
    published2003-03-01
    reporterThis script is (C) 2003-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/11291
    titleCisco VPN 3000 Concentrator PPTP/IPSEC Group Credential Authentication Bypass (CSCdv66718)
  • NASL familyCISCO
    NASL idCSCDT56514.NASL
    descriptionThe remote VPN concentrator is vulnerable to an internal PPTP / IPSEC authentication login attack. This vulnerability is documented as Cisco bug ID CSCdt56514.
    last seen2020-06-01
    modified2020-06-02
    plugin id11287
    published2003-03-01
    reporterThis script is (C) 2003-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/11287
    titleCisco VPN 3000 Concentrator Multiple Vulnerabilities (CSCdt56514, CSCdv66718)