VAR-200209-0032
Vulnerability from variot - Updated: 2025-04-03 20:05Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads. VPN Client for Linux is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Cisco Virtual Private Network (VPN) Client software is used to communicate with Cisco VPN Concentrator, it can run on Windows, Solaris, redhat linux, Apple MacOS and other systems. The Cisco VPN Client software contains multiple security holes, which can be exploited by attackers to prevent the Cisco VPN Client software program from working properly. * An IKE packet containing more than 57 payloads can trigger VPN Client software buffer overflow. * When the VPN Client software receives a malformed data packet with a payload length of zero, the VPN Client software will occupy 100\% of the CPU resources of the workstation. The Cisco bug ID for these vulnerabilities is CSCdy26045
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200209-0032",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.5.2"
},
{
"model": "vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.5.1"
},
{
"model": "vpn client for linux windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.2"
},
{
"model": "vpn client for linux solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.2"
},
{
"model": "vpn client for linux mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.2x"
},
{
"model": "vpn client for linux linux",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.2"
},
{
"model": "vpn client for linux windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.1"
},
{
"model": "vpn client for linux solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.1"
},
{
"model": "vpn client for linux mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.1x"
},
{
"model": "vpn client for linux linux",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.1"
}
],
"sources": [
{
"db": "BID",
"id": "89546"
},
{
"db": "CNNVD",
"id": "CNNVD-200209-014"
},
{
"db": "NVD",
"id": "CVE-2002-0852"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco PSIRT\u203b psirt@cisco.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200209-014"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0852",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2002-0852",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-5243",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-0852",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200209-014",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-5243",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5243"
},
{
"db": "CNNVD",
"id": "CNNVD-200209-014"
},
{
"db": "NVD",
"id": "CVE-2002-0852"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads. VPN Client for Linux is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause denial-of-service conditions. Cisco Virtual Private Network (VPN) Client software is used to communicate with Cisco VPN Concentrator, it can run on Windows, Solaris, redhat linux, Apple MacOS and other systems. The Cisco VPN Client software contains multiple security holes, which can be exploited by attackers to prevent the Cisco VPN Client software program from working properly. * An IKE packet containing more than 57 payloads can trigger VPN Client software buffer overflow. * When the VPN Client software receives a malformed data packet with a payload length of zero, the VPN Client software will occupy 100\\\\% of the CPU resources of the workstation. The Cisco bug ID for these vulnerabilities is CSCdy26045",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0852"
},
{
"db": "BID",
"id": "89546"
},
{
"db": "VULHUB",
"id": "VHN-5243"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-0852",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200209-014",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20020812 CISCO VPN CLIENT MULTIPLE VULNERABILITIES",
"trust": 0.6
},
{
"db": "BID",
"id": "89546",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-5243",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5243"
},
{
"db": "BID",
"id": "89546"
},
{
"db": "CNNVD",
"id": "CNNVD-200209-014"
},
{
"db": "NVD",
"id": "CVE-2002-0852"
}
]
},
"id": "VAR-200209-0032",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5243"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T20:05:09.199000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0852"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5243"
},
{
"db": "BID",
"id": "89546"
},
{
"db": "CNNVD",
"id": "CNNVD-200209-014"
},
{
"db": "NVD",
"id": "CVE-2002-0852"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5243"
},
{
"db": "BID",
"id": "89546"
},
{
"db": "CNNVD",
"id": "CNNVD-200209-014"
},
{
"db": "NVD",
"id": "CVE-2002-0852"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-5243"
},
{
"date": "2002-09-05T00:00:00",
"db": "BID",
"id": "89546"
},
{
"date": "2002-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200209-014"
},
{
"date": "2002-09-05T04:00:00",
"db": "NVD",
"id": "CVE-2002-0852"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-5243"
},
{
"date": "2002-09-05T00:00:00",
"db": "BID",
"id": "89546"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200209-014"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-0852"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200209-014"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco VPN client Multiple security vulnerabilities",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200209-014"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200209-014"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…