Vulnerability Details CVE-2002-0848
Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtml
- http://www.iss.net/security_center/static/9781.php
- http://www.securityfocus.com/bid/5417
- http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtml
- http://www.iss.net/security_center/static/9781.php
- http://www.securityfocus.com/bid/5417
Products affected by CVE-2002-0848
-
cpe:2.3:h:cisco:vpn_5000_concentrator:-
-
cpe:2.3:o:cisco:vpn_5000_concentrator_series_software:5.2.14
-
cpe:2.3:o:cisco:vpn_5000_concentrator_series_software:5.2.15
-
cpe:2.3:o:cisco:vpn_5000_concentrator_series_software:5.2.16
-
cpe:2.3:o:cisco:vpn_5000_concentrator_series_software:5.2.19
-
cpe:2.3:o:cisco:vpn_5000_concentrator_series_software:5.2.20
-
cpe:2.3:o:cisco:vpn_5000_concentrator_series_software:5.2.21
-
cpe:2.3:o:cisco:vpn_5000_concentrator_series_software:5.2.22
-
cpe:2.3:o:cisco:vpn_5000_concentrator_series_software:5.2.23.0001
-
cpe:2.3:o:cisco:vpn_5000_concentrator_series_software:5.2.23.0003
-
cpe:2.3:o:cisco:vpn_5000_concentrator_series_software:6.0.15
-
cpe:2.3:o:cisco:vpn_5000_concentrator_series_software:6.0.16
-
cpe:2.3:o:cisco:vpn_5000_concentrator_series_software:6.0.17
-
cpe:2.3:o:cisco:vpn_5000_concentrator_series_software:6.0.18
-
cpe:2.3:o:cisco:vpn_5000_concentrator_series_software:6.0.19
-
cpe:2.3:o:cisco:vpn_5000_concentrator_series_software:6.0.20
-
cpe:2.3:o:cisco:vpn_5000_concentrator_series_software:6.0.21.0001
-
cpe:2.3:o:cisco:vpn_5000_concentrator_series_software:6.0.21.0002