CVE-2002-1106

high

Description

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/10045

http://www.securityfocus.com/bid/5652

http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml

Details

Source: Mitre, NVD

Published: 2002-10-04

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.00387