VAR-200208-0056
Vulnerability from variot - Updated: 2025-04-03 22:24Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing. The VPN 5000 Concentrator line supports the use of a RADIUS server to authenticate client connections. An error has been reported in this authentication process when either PAP or Challenge authentication is used. If more than one authentication message is transmitted, the client password will be sent in plaintext. Cisco has reported that this issue does not exist if CHAP authentication is used. The Cisco VPN 5000 Series Concentrators consist of a general-purpose remote-access virtual private network (VPN) platform and client software that combines high availability, performance, and scalability with today's most advanced encryption and authentication technologies for Professional operators or enterprise users provide services. User passwords may be sent in clear text. VPN 5000 series concentrators support three RADIUS communication methods. The keyword ChallengeType in the [RADIUS] section can be set to CHAP, PAP or Challenge. When using a RADIUS server, access requests are sent to the RADIUS server, and user passwords are encrypted according to RFC regulations. If within a certain period of time due to network or configuration problems, the server does not return an Access-Accept (allowing access) packet, then the concentrator will send a retry packet, but the user password in this packet is sent in plain text. All Cisco VPN 5000 Series Concentrator hardware using software versions 6.0.21.0002 (and earlier) and 5.2.23.0003 (and earlier) are affected by this vulnerability. This series includes the 5001, 5002 and 5008 models. Older versions of the IntraPort family of concentrator hardware are also affected by this vulnerability. This series includes IntraPort 2, IntraPort 2+, IntraPort Enterprise-2 and Enterprise-8, IntraPort Carrier-2 and Carrier-8 models. VPN 3000 series concentrator hardware is not affected by this vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200208-0056",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vpn 5000 concentrator series software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.2.14"
},
{
"model": "vpn 5000 concentrator series software",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.2.23.0003"
},
{
"model": "vpn 5000 concentrator series software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.15"
},
{
"model": "vpn 5000 concentrator series software",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.21.0002"
},
{
"model": "vpn 5000 concentrator series software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.2.23.0003"
},
{
"model": "vpn 500 concentrator",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.0.21.0002"
},
{
"model": "vpn 500 concentrator",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.2.23.0003"
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5008"
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5002"
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5001"
},
{
"model": "intraport enterprise-8",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "intraport enterprise-2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "intraport carrier-8",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "intraport carrier-2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "intraport",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2+"
},
{
"model": "intraport",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2"
}
],
"sources": [
{
"db": "BID",
"id": "5417"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-008"
},
{
"db": "NVD",
"id": "CVE-2002-0848"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco PSIRT\u203b psirt@cisco.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-008"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0848",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-0848",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5239",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-0848",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200208-008",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-5239",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5239"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-008"
},
{
"db": "NVD",
"id": "CVE-2002-0848"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing. The VPN 5000 Concentrator line supports the use of a RADIUS server to authenticate client connections. An error has been reported in this authentication process when either PAP or Challenge authentication is used. If more than one authentication message is transmitted, the client password will be sent in plaintext. \nCisco has reported that this issue does not exist if CHAP authentication is used. The Cisco VPN 5000 Series Concentrators consist of a general-purpose remote-access virtual private network (VPN) platform and client software that combines high availability, performance, and scalability with today\u0027s most advanced encryption and authentication technologies for Professional operators or enterprise users provide services. User passwords may be sent in clear text. VPN 5000 series concentrators support three RADIUS communication methods. The keyword ChallengeType in the [RADIUS] section can be set to CHAP, PAP or Challenge. When using a RADIUS server, access requests are sent to the RADIUS server, and user passwords are encrypted according to RFC regulations. If within a certain period of time due to network or configuration problems, the server does not return an Access-Accept (allowing access) packet, then the concentrator will send a retry packet, but the user password in this packet is sent in plain text. All Cisco VPN 5000 Series Concentrator hardware using software versions 6.0.21.0002 (and earlier) and 5.2.23.0003 (and earlier) are affected by this vulnerability. This series includes the 5001, 5002 and 5008 models. Older versions of the IntraPort family of concentrator hardware are also affected by this vulnerability. This series includes IntraPort 2, IntraPort 2+, IntraPort Enterprise-2 and Enterprise-8, IntraPort Carrier-2 and Carrier-8 models. VPN 3000 series concentrator hardware is not affected by this vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0848"
},
{
"db": "BID",
"id": "5417"
},
{
"db": "VULHUB",
"id": "VHN-5239"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5417",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-0848",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200208-008",
"trust": 0.7
},
{
"db": "XF",
"id": "5000",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20020807 CISCO VPN 5000 SERIES CONCENTRATOR RADIUS PAP AUTHENTICATION VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-5239",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5239"
},
{
"db": "BID",
"id": "5417"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-008"
},
{
"db": "NVD",
"id": "CVE-2002-0848"
}
]
},
"id": "VAR-200208-0056",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5239"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:24:10.106000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0848"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/5417"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtml"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/9781.php"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5239"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-008"
},
{
"db": "NVD",
"id": "CVE-2002-0848"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5239"
},
{
"db": "BID",
"id": "5417"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-008"
},
{
"db": "NVD",
"id": "CVE-2002-0848"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-5239"
},
{
"date": "2002-08-07T00:00:00",
"db": "BID",
"id": "5417"
},
{
"date": "2002-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-008"
},
{
"date": "2002-08-12T04:00:00",
"db": "NVD",
"id": "CVE-2002-0848"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-5239"
},
{
"date": "2002-08-07T00:00:00",
"db": "BID",
"id": "5417"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-008"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-0848"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-008"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco VPN 5000 Series concentrator RADIUS PAP Authentication vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-008"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "5417"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-008"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…