Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2002-1106

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.

  • Published: Oct 4, 2002
  • Updated: Apr 13, 2023
  • CVE: CVE-2002-1106
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
cisco / vpn_client 3.1 3.1.x
cisco / vpn_client 3.0 3.0.x
cisco / vpn_client 3.5.1 3.5.1.x
cisco / vpn_client 2.0 2.0.x