Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2002-09-05 | CVE-2002-0852 | Denial-Of-Service vulnerability in VPN Client for Linux | Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allow remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads. | 5.0 |
2002-08-12 | CVE-2002-0849 | Information Disclosure vulnerability in iSCSI Insecure Configuration File Permissions | Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta #1, which could allow local users to gain privileges by reading the cleartext CHAP password. | 4.6 |
2002-08-12 | CVE-2002-0848 | Unspecified vulnerability in Cisco VPN 5000 Concentrator Series Software | Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing. | 5.0 |
2002-08-12 | CVE-2002-0792 | Denial Of Service vulnerability in Cisco Content Service Switch HTTPS Post | The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data. | 5.0 |
2002-08-12 | CVE-2002-0769 | Unspecified vulnerability in Cisco Ata-186 | The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters. | 6.4 |
2002-08-12 | CVE-2002-0505 | Denial of Service vulnerability in Cisco CallManager CTI Memory Leak | Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. | 5.0 |
2002-07-03 | CVE-2002-0545 | Denial of Service vulnerability in Cisco Aironet Telnet Authentication | Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords. | 5.0 |
2002-06-25 | CVE-2002-0339 | Unspecified vulnerability in Cisco IOS | Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length. | 5.0 |
2002-05-16 | CVE-2002-0225 | Unspecified vulnerability in Cisco Tacacs+ F4.0.4Alpha | tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files. | 4.6 |
2002-04-22 | CVE-2002-0160 | Unspecified vulnerability in Cisco Secure Access Control Server | The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. | 5.0 |