5

CVE-2002-0848

Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoVpn 5000 Concentrator Series Software Version >= 5.2.14 <= 5.2.23.0003
   CiscoVpn 5000 Concentrator Version-
CiscoVpn 5000 Concentrator Series Software Version >= 6.0.15 <= 6.0.21.0002
   CiscoVpn 5000 Concentrator Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.12% 0.795
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtml
Patch
Vendor Advisory
http://www.iss.net/security_center/static/9781.php
Broken Link
http://www.securityfocus.com/bid/5417
Third Party Advisory
VDB Entry