CVE-2002-1094
First published: Tue Sep 10 2002(Updated: )
Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.5.4 allow remote attackers to obtain potentially sensitive information via the (1) SSH banner, (2) FTP banner, or (3) an incorrect HTTP request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco VPN 3000 concentrator series software | =2.0 | |
| Cisco VPN 3000 concentrator series software | =2.5.2.a | |
| Cisco VPN 3000 concentrator series software | =2.5.2.b | |
| Cisco VPN 3000 concentrator series software | =2.5.2.c | |
| Cisco VPN 3000 concentrator series software | =2.5.2.d | |
| Cisco VPN 3000 concentrator series software | =2.5.2.f | |
| Cisco VPN 3000 concentrator series software | =3.0 | |
| Cisco VPN 3000 concentrator series software | =3.0\(rel\) | |
| Cisco VPN 3000 concentrator series software | =3.0.3.a | |
| Cisco VPN 3000 concentrator series software | =3.0.3.b | |
| Cisco VPN 3000 concentrator series software | =3.0.4 | |
| Cisco VPN 3000 concentrator series software | =3.1\(rel\) | |
| Cisco VPN 3000 concentrator series software | =3.1.1 | |
| Cisco VPN 3000 concentrator series software | =3.1.2 | |
| Cisco VPN 3000 concentrator series software | =3.1.4 | |
| Cisco VPN 3000 concentrator series software | =3.5\(rel\) | |
| Cisco VPN 3000 concentrator series software | =3.5.1 | |
| Cisco VPN 3000 concentrator series software | =3.5.2 | |
| Cisco VPN 3000 concentrator series software | =3.5.3 | |
| Cisco VPN 3002 Hardware Client |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-1094?
CVE-2002-1094 is classified as a medium severity vulnerability due to its potential to leak sensitive information.
How do I fix CVE-2002-1094?
To fix CVE-2002-1094, upgrade the Cisco VPN 3000 Concentrator software to version 3.5.4 or later.
What types of information can be leaked by CVE-2002-1094?
CVE-2002-1094 can leak information through SSH and FTP banners and via incorrect HTTP requests.
Which versions of Cisco VPN 3000 Concentrator are affected by CVE-2002-1094?
CVE-2002-1094 affects Cisco VPN 3000 Concentrator software versions prior to 3.5.4.
Can CVE-2002-1094 be exploited remotely?
Yes, CVE-2002-1094 can be exploited remotely by attackers to obtain sensitive information.
- collector/nvd-historical
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco vpn 3000 concentrator series software
- version/cisco vpn 3000 concentrator series software/2.0
- version/cisco vpn 3000 concentrator series software/2.5.2.a
- version/cisco vpn 3000 concentrator series software/2.5.2.b
- version/cisco vpn 3000 concentrator series software/2.5.2.c
- version/cisco vpn 3000 concentrator series software/2.5.2.d
- version/cisco vpn 3000 concentrator series software/2.5.2.f
- version/cisco vpn 3000 concentrator series software/3.0
- version/cisco vpn 3000 concentrator series software/3.0\(rel\)
- version/cisco vpn 3000 concentrator series software/3.0.3.a
- version/cisco vpn 3000 concentrator series software/3.0.3.b
- version/cisco vpn 3000 concentrator series software/3.0.4
- version/cisco vpn 3000 concentrator series software/3.1\(rel\)
- version/cisco vpn 3000 concentrator series software/3.1.1
- version/cisco vpn 3000 concentrator series software/3.1.2
- version/cisco vpn 3000 concentrator series software/3.1.4
- version/cisco vpn 3000 concentrator series software/3.5\(rel\)
- version/cisco vpn 3000 concentrator series software/3.5.1
- version/cisco vpn 3000 concentrator series software/3.5.2
- version/cisco vpn 3000 concentrator series software/3.5.3
- canonical/cisco vpn 3002 hardware client