Vulnerabilities > CVE-2002-1097 - Unspecified vulnerability in Cisco products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

cisco

nessus

NVD

Published: 2002-10-04

Updated: 2024-11-20

Summary

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco VPN 3000 Concentrator Series Software 2.0 Cisco VPN 3000 Concentrator Series Software 2.5.2.A Cisco VPN 3000 Concentrator Series Software 2.5.2.B Cisco VPN 3000 Concentrator Series Software 2.5.2.C Cisco VPN 3000 Concentrator Series Software 2.5.2.D Cisco VPN 3000 Concentrator Series Software 2.5.2.F Cisco VPN 3000 Concentrator Series Software 3.0 Cisco VPN 3000 Concentrator Series Software 3.0\(Rel\) Cisco VPN 3000 Concentrator Series Software 3.0.3.A Cisco VPN 3000 Concentrator Series Software 3.0.3.B Cisco VPN 3000 Concentrator Series Software 3.0.4 Cisco VPN 3000 Concentrator Series Software 3.1 Cisco VPN 3000 Concentrator Series Software 3.1\(Rel\) Cisco VPN 3000 Concentrator Series Software 3.1.1 Cisco VPN 3000 Concentrator Series Software 3.1.2 Cisco VPN 3000 Concentrator Series Software 3.5\(Rel\)	16
Application	Cisco Cisco VPN 3002 Hardware Client *	1

Nessus

NASL family	CISCO
NASL id	CSCDW50657.NASL
description	The remote VPN concentrator discloses the certificate passwords of its users in the source HTML pages of the embedded web server. This vulnerability is documented as Cisco bug ID CSCdw50657.
last seen	2020-06-01
modified	2020-06-02
plugin id	11294
published	2003-03-01
reporter	This script is (C) 2003-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/11294
title	Cisco VPN 3000 Concentrator Certificate Management Page HTML Source Certificate Password Disclosure (CSCdw50657)
code	# # (C) Tenable Network Security, Inc. # # Thanks to Nicolas FISCHBACH ([email protected]) for his help # # Ref: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20020903-vpn3k-vulnerability include("compat.inc"); if(description) { script_id(11294); script_version("1.19"); script_cve_id("CVE-2002-1097"); script_bugtraq_id(5612); script_name(english:"Cisco VPN 3000 Concentrator Certificate Management Page HTML Source Certificate Password Disclosure (CSCdw50657)"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch." ); script_set_attribute(attribute:"description", value: "The remote VPN concentrator discloses the certificate passwords of its users in the source HTML pages of the embedded web server. This vulnerability is documented as Cisco bug ID CSCdw50657." ); script_set_attribute(attribute:"solution", value: "http://www.nessus.org/u?d2dd6759" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2003/03/01"); script_cvs_date("Date: 2018/06/27 18:42:25"); script_set_attribute(attribute:"vuln_publication_date", value: "2002/09/03"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value: "cpe:/o:cisco:ios"); script_end_attributes(); script_summary(english:"Uses SNMP to determine if a flaw is present"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is (C) 2003-2018 Tenable Network Security, Inc."); script_family(english:"CISCO"); script_dependencie("snmp_sysDesc.nasl"); script_require_keys("SNMP/community", "SNMP/sysDesc", "CISCO/model"); script_require_ports("Services/www", 80); exit(0); } # The code starts here ok=0; os = get_kb_item("SNMP/sysDesc"); if(!os)exit(0); port = get_kb_list("Services/www"); if(isnull(port)) { if(!get_port_state(80))exit(0); soc = open_sock_tcp(80); if(!soc)exit(0); else close(soc); } # Is this a VPN3k concentrator ? if(!egrep(pattern:".VPN 3000 Concentrator.", string:os))exit(0); # < 3.5.2 if(egrep(pattern:".Version 3\.5\.Rel.", string:os))ok = 1; if(egrep(pattern:".Version 3\.5\.[0-1].", string:os))ok = 1; # < 3.1.x if(egrep(pattern:".Version 3\.1\..", string:os))ok = 1; # 3.0.x if(egrep(pattern:".Version 3\.0\..", string:os))ok = 1; # 2.x.x if(egrep(pattern:".Version 2\..", string:os))ok = 1; if(ok)security_hole(port:161, proto:"udp");

Summary

Vulnerable Configurations

Nessus

References