CVSS: 9.1EPSS: 0%CPEs: 13EXPL: 0CVE-2002-1107
https://notcve.org/view.php?id=CVE-2002-1107
04 Oct 2002 — Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing. • http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2002-1096
https://notcve.org/view.php?id=CVE-2002-1096
04 Oct 2002 — Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code. • http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2002-1106
https://notcve.org/view.php?id=CVE-2002-1106
04 Oct 2002 — Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks. • http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2002-1098
https://notcve.org/view.php?id=CVE-2002-1098
04 Oct 2002 — Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator. • http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2002-1105
https://notcve.org/view.php?id=CVE-2002-1105
04 Oct 2002 — Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password. • http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2002-1108
https://notcve.org/view.php?id=CVE-2002-1108
04 Oct 2002 — Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel. • http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2002-1097
https://notcve.org/view.php?id=CVE-2002-1097
04 Oct 2002 — Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages. • http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2002-1094
https://notcve.org/view.php?id=CVE-2002-1094
10 Sep 2002 — Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.5.4 allow remote attackers to obtain potentially sensitive information via the (1) SSH banner, (2) FTP banner, or (3) an incorrect HTTP request. • http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2002-1100
https://notcve.org/view.php?id=CVE-2002-1100
10 Sep 2002 — Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to cause a denial of service (crash) via a long (1) username or (2) password to the HTML login interface. • http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml •
CVSS: 7.5EPSS: 10%CPEs: 23EXPL: 1CVE-2002-1101 – Cisco VPN 3000 Series Concentrator Client - Authentication Denial of Service
https://notcve.org/view.php?id=CVE-2002-1101
10 Sep 2002 — Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via a long user name. • https://www.exploit-db.com/exploits/21770 •