VAR-200210-0278
Vulnerability from variot - Updated: 2025-04-03 22:14Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing. Cisco has reported that random number generation has been improved in Cisco VPN Client. Weak random number generation may present a security vulnerability to users of the client software, as it may be possible under some circumstances for attackers to anticipate numbers that are generated by the software. If an attacker can anticipate TCP sequence numbers for VPN sessions, it may be possible to mount man-in-the-middle attacks against a connection or possible inject packets into a connection. The attacker may need to be within the VPN to exploit this issue. It can be used under the Microsoft Windows operating system, and can also be used under the Linux operating system. A remote attacker can exploit this vulnerability to attack via the Man-In-Middle method or insert packets into an existing connection. Or remote unauthorized access to the VPN concentrator. CISCO designated this vulnerability number as: CSCdx89416
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200210-0278",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.5.2"
},
{
"model": "vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.5.1"
},
{
"model": "vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.5.1c"
},
{
"model": "vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.0.5"
},
{
"model": "vpn client",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "vpn client",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "vpn client for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.2"
},
{
"model": "vpn client for windows c",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.1"
},
{
"model": "vpn client for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.1"
},
{
"model": "vpn client for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "vpn client for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0.5"
},
{
"model": "vpn client for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "vpn client for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "vpn client for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.2"
},
{
"model": "vpn client for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.1"
},
{
"model": "vpn client for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "x3.5.2"
},
{
"model": "vpn client for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "x3.5.1"
},
{
"model": "vpn client for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.2"
},
{
"model": "vpn client for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.1"
},
{
"model": "vpn client for windows b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.2"
},
{
"model": "vpn client for solaris b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.2"
},
{
"model": "vpn client for mac os b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "x3.5.2"
},
{
"model": "vpn client for linux b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.2"
}
],
"sources": [
{
"db": "BID",
"id": "5653"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-047"
},
{
"db": "NVD",
"id": "CVE-2002-1107"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Security Advisory",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-047"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1107",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-1107",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5495",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-1107",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200210-047",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-5495",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5495"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-047"
},
{
"db": "NVD",
"id": "CVE-2002-1107"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing. Cisco has reported that random number generation has been improved in Cisco VPN Client. Weak random number generation may present a security vulnerability to users of the client software, as it may be possible under some circumstances for attackers to anticipate numbers that are generated by the software. \nIf an attacker can anticipate TCP sequence numbers for VPN sessions, it may be possible to mount man-in-the-middle attacks against a connection or possible inject packets into a connection. The attacker may need to be within the VPN to exploit this issue. It can be used under the Microsoft Windows operating system, and can also be used under the Linux operating system. A remote attacker can exploit this vulnerability to attack via the Man-In-Middle method or insert packets into an existing connection. Or remote unauthorized access to the VPN concentrator. CISCO designated this vulnerability number as: CSCdx89416",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1107"
},
{
"db": "BID",
"id": "5653"
},
{
"db": "VULHUB",
"id": "VHN-5495"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5653",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-1107",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200210-047",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20020905 CISCO VPN CLIENT MULTIPLE VULNERABILITIES - SECOND SET",
"trust": 0.6
},
{
"db": "XF",
"id": "10046",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-5495",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5495"
},
{
"db": "BID",
"id": "5653"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-047"
},
{
"db": "NVD",
"id": "CVE-2002-1107"
}
]
},
"id": "VAR-200210-0278",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5495"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:14:11.669000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1107"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/5653"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10046"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/10046"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5495"
},
{
"db": "BID",
"id": "5653"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-047"
},
{
"db": "NVD",
"id": "CVE-2002-1107"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5495"
},
{
"db": "BID",
"id": "5653"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-047"
},
{
"db": "NVD",
"id": "CVE-2002-1107"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-04T00:00:00",
"db": "VULHUB",
"id": "VHN-5495"
},
{
"date": "2002-09-05T00:00:00",
"db": "BID",
"id": "5653"
},
{
"date": "2002-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200210-047"
},
{
"date": "2002-10-04T04:00:00",
"db": "NVD",
"id": "CVE-2002-1107"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-5495"
},
{
"date": "2002-09-05T00:00:00",
"db": "BID",
"id": "5653"
},
{
"date": "2005-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200210-047"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-1107"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-047"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco VPN Client Serial Number Predictable Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-047"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-047"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…