CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2006-2679
https://notcve.org/view.php?id=CVE-2006-2679
31 May 2006 — Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265. • http://secunia.com/advisories/20261 •
CVSS: 9.8EPSS: 1%CPEs: 156EXPL: 0CVE-2005-4499
https://notcve.org/view.php?id=CVE-2005-4499
22 Dec 2005 — The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS. • http://secunia.com/advisories/18141 •
CVSS: 7.5EPSS: 0%CPEs: 45EXPL: 0CVE-2005-0943
https://notcve.org/view.php?id=CVE-2005-0943
30 Mar 2005 — Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet. • http://secunia.com/advisories/14784 •
CVSS: 7.5EPSS: 5%CPEs: 252EXPL: 0CVE-2004-0079
https://notcve.org/view.php?id=CVE-2004-0079
18 Mar 2004 — The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. La función do_change_cipher_spec en OpenSSL 0.9.6c hasta 0.9.6.k y 0.9.7a hasta 0.9.7c permite que atacantes remotos provoquen una denegación de servicio (caída) mediante una hábil unión SSL/TLS que provoca un puntero nulo. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 3%CPEs: 252EXPL: 0CVE-2004-0081
https://notcve.org/view.php?id=CVE-2004-0081
18 Mar 2004 — OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. OpenSSL 0.9.6 anteriores a la 0.9.6d no manejan adecuadamente los tipos de mensajes desconocidos, lo que permite a atacantes remotos causar una denegación de servicios (por bucle infinito), como se demuestra utilizando la herramienta de testeo Codenomicon TLS. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2003-0258
https://notcve.org/view.php?id=CVE-2003-0258
08 May 2003 — Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication. Concentradores de Cisco de la serie VPN 3000 y Cisco VPN 3002 Hardware Client 2.x.x hasta 4.0.REL, cuando se configuran para permitir IPSec sobre TCP para un puerto del concentrador, permiten que atacantes remotos alcancen la red privada sin autentificación. • http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml •
CVSS: 7.5EPSS: 0%CPEs: 36EXPL: 0CVE-2003-0259
https://notcve.org/view.php?id=CVE-2003-0259
08 May 2003 — Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet. Concentradores de Cisco de la serie VPN 3000 y Cisco VPN 3002 Hardware Client 2.x.x hasta 3.6.7 permiten que atacantes remotos causen una denegación de servicio (recarga) mediante un paquete de inicialización SSH mal construído. • http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2003-0260
https://notcve.org/view.php?id=CVE-2003-0260
08 May 2003 — Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets. Concentradores de Cisco de la serie VPN 3000 y Cisco VPN 3002 Hardware Client 2.x.x hasta 3.6.7A permiten que atacantes remotos causen una denegación de servicio (ralentización y posiblemente recarga) mediante una inundación con paquetes ICMP mal construídos. • http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2002-1491
https://notcve.org/view.php?id=CVE-2002-1491
02 Apr 2003 — The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges. El cliente Cisco VPN 5000 para MacOS anteriores a la 5.2.2 almacena las contraseñas de acceso más reciente en texto plano al guardar los parámetros de conexión por defecto (Default Connection), lo cual podría permitir a usuarios locales obtener privilegios. • http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2002-1492 – Cisco VPN 5000 Client - Buffer Overrun
https://notcve.org/view.php?id=CVE-2002-1492
18 Mar 2003 — Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel. Desbordamiento de búfer en el cliente Cisco VPN 5000 anteriores a la 5.2.7 para Linux y cliente VPN 5000 Client anteriores a la 5.2.8 para Solaris, permite a usuarios locales la obtención de privilegios de root mediante: close_tunnel y open_tunnel. • https://www.exploit-db.com/exploits/21805 •