VAR-200210-0279
Vulnerability from variot - Updated: 2025-04-03 22:14Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel. This has the potential to leak information about the client system to attackers. This issue does not occur if "split tunneling mode" is enabled. Furthermore, 3.5.x releases of the client are not prone to this issue if the firewall is configured to run in "always on" mode. The 3.6(Rel) version of the client is prone to this issue even under circumstances where the firewall is run in "always on" mode. It can be used under the Microsoft Windows operating system, and can also be used under the Linux operating system. affected by this vulnerability. CISCO designated this vulnerability number as: CSCdy37058
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200210-0279",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.5.1"
},
{
"model": "vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.5.1c"
},
{
"model": "vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.0.5"
},
{
"model": "vpn client for windows",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.6"
},
{
"model": "vpn client for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.2"
},
{
"model": "vpn client for windows c",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.1"
},
{
"model": "vpn client for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.1"
},
{
"model": "vpn client for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "vpn client for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0.5"
},
{
"model": "vpn client for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "vpn client for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "vpn client for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.6"
},
{
"model": "vpn client for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.2"
},
{
"model": "vpn client for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.1"
},
{
"model": "vpn client for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "x3.6"
},
{
"model": "vpn client for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "x3.5.2"
},
{
"model": "vpn client for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "x3.5.1"
},
{
"model": "vpn client for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.6"
},
{
"model": "vpn client for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.2"
},
{
"model": "vpn client for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.1"
},
{
"model": "vpn client for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.6.1"
},
{
"model": "vpn client for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.4"
},
{
"model": "vpn client for solaris",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.6.1"
},
{
"model": "vpn client for solaris",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.4"
},
{
"model": "vpn client for mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "x3.6.1"
},
{
"model": "vpn client for mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "x3.5.4"
},
{
"model": "vpn client for linux",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.6.1"
},
{
"model": "vpn client for linux",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.5.4"
}
],
"sources": [
{
"db": "BID",
"id": "5651"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-063"
},
{
"db": "NVD",
"id": "CVE-2002-1108"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Security Advisory",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-063"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1108",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-1108",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5496",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-1108",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200210-063",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-5496",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5496"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-063"
},
{
"db": "NVD",
"id": "CVE-2002-1108"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel. This has the potential to leak information about the client system to attackers. \nThis issue does not occur if \"split tunneling mode\" is enabled. Furthermore, 3.5.x releases of the client are not prone to this issue if the firewall is configured to run in \"always on\" mode. The 3.6(Rel) version of the client is prone to this issue even under circumstances where the firewall is run in \"always on\" mode. It can be used under the Microsoft Windows operating system, and can also be used under the Linux operating system. affected by this vulnerability. CISCO designated this vulnerability number as: CSCdy37058",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1108"
},
{
"db": "BID",
"id": "5651"
},
{
"db": "VULHUB",
"id": "VHN-5496"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5651",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-1108",
"trust": 1.7
},
{
"db": "CISCO",
"id": "20020905 CISCO VPN CLIENT MULTIPLE VULNERABILITIES - SECOND SET",
"trust": 0.6
},
{
"db": "XF",
"id": "10047",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200210-063",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-5496",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5496"
},
{
"db": "BID",
"id": "5651"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-063"
},
{
"db": "NVD",
"id": "CVE-2002-1108"
}
]
},
"id": "VAR-200210-0279",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5496"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:14:11.645000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1108"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/5651"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10047"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/10047"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5496"
},
{
"db": "BID",
"id": "5651"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-063"
},
{
"db": "NVD",
"id": "CVE-2002-1108"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5496"
},
{
"db": "BID",
"id": "5651"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-063"
},
{
"db": "NVD",
"id": "CVE-2002-1108"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-04T00:00:00",
"db": "VULHUB",
"id": "VHN-5496"
},
{
"date": "2002-09-05T00:00:00",
"db": "BID",
"id": "5651"
},
{
"date": "2002-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200210-063"
},
{
"date": "2002-10-04T04:00:00",
"db": "NVD",
"id": "CVE-2002-1108"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-5496"
},
{
"date": "2002-09-05T00:00:00",
"db": "BID",
"id": "5651"
},
{
"date": "2005-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200210-063"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-1108"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-063"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco VPN Client TCP Filter leak vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-063"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-063"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…