CVE-2002-1094

Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.5.4 allow remote attackers to obtain potentially sensitive information via the (1) SSH banner, (2) FTP banner, or (3) an incorrect HTTP request.

Published: Oct 4, 2002
Updated: Nov 9, 2025
CVE: CVE-2002-1094
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / vpn_3000_concentrator_series_software	2.0	2.0.x
cisco / vpn_3000_concentrator_series_software	2.5.2.a	2.5.2.a.x
cisco / vpn_3000_concentrator_series_software	2.5.2.b	2.5.2.b.x
cisco / vpn_3000_concentrator_series_software	2.5.2.c	2.5.2.c.x
cisco / vpn_3000_concentrator_series_software	2.5.2.d	2.5.2.d.x
cisco / vpn_3000_concentrator_series_software	2.5.2.f	2.5.2.f.x
cisco / vpn_3000_concentrator_series_software	3.0	3.0.x
cisco / vpn_3000_concentrator_series_software	3.0(rel)	3.0(rel).x
cisco / vpn_3000_concentrator_series_software	3.0.3.a	3.0.3.a.x
cisco / vpn_3000_concentrator_series_software	3.0.3.b	3.0.3.b.x
cisco / vpn_3000_concentrator_series_software	3.0.4	3.0.4.x
cisco / vpn_3000_concentrator_series_software	3.1(rel)	3.1(rel).x
cisco / vpn_3000_concentrator_series_software	3.1.1	3.1.1.x
cisco / vpn_3000_concentrator_series_software	3.1.2	3.1.2.x
cisco / vpn_3000_concentrator_series_software	3.1.4	3.1.4.x
cisco / vpn_3000_concentrator_series_software	3.5(rel)	3.5(rel).x
cisco / vpn_3000_concentrator_series_software	3.5.1	3.5.1.x
cisco / vpn_3000_concentrator_series_software	3.5.2	3.5.2.x
cisco / vpn_3000_concentrator_series_software	3.5.3	3.5.3.x
cisco / vpn_3002_hardware_client	-	-

Vulnerability Database

300,445

CVE-2002-1094

Deep Security Visibility Without the Complexity