Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2002-10-04 CVE-2002-1096 Unspecified vulnerability in Cisco products
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code.
network
low complexity
cisco
7.5
2002-10-04 CVE-2002-1092 Authentication External Access vulnerability in Cisco Internal Group
Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication.
network
low complexity
cisco
7.5
2002-10-04 CVE-2002-1024 Resource Management Errors vulnerability in Cisco products
Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote attackers to cause a denial of service (CPU consumption) via a large packet that was designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144).
network
cisco CWE-399
7.1
2002-10-04 CVE-2002-0954 Remote Security vulnerability in PIX Firewall
The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which makes it easier for an attacker to decrypt the passwords using brute force techniques.
network
low complexity
cisco
7.5
2002-10-04 CVE-2002-0938 Cross-Site Scripting vulnerability in Cisco Secure ACS
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.
network
low complexity
cisco
7.5
2002-09-05 CVE-2002-0870 Remote Security vulnerability in CSS11000 Content Services Switch
The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL instead of navigating through the interface, possibly via a variant of the original attack, as identified by Cisco bug ID CSCdw08549.
network
low complexity
cisco
7.5
2002-08-12 CVE-2002-0813 Buffer Errors vulnerability in Cisco IOS 11.1/11.2/11.3
Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.
network
cisco CWE-119
7.1
2002-08-12 CVE-2002-0778 Unspecified vulnerability in Cisco products
The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP.
network
low complexity
cisco
7.5
2002-05-29 CVE-2002-0241 Authentication vulnerability in Cisco Secure Access Control Server 3.0.1
NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server.
network
low complexity
cisco
7.5
2002-05-28 CVE-2002-1447 Local Buffer Overflow vulnerability in Cisco VPN Client for Unix
Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.
local
low complexity
cisco
7.2