CVE-2002-0848
Last modified
CVE-2002-0848 is a vulnerability of currently unknown severity. Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing.. EPSS estimates a 2.12% chance of exploitation in the next 30 days.
Description
Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Vpn 5000 Concentrator Series Software | >= 5.2.14, <= 5.2.23.0003 |
| Cisco | Vpn 5000 Concentrator Series Software | >= 6.0.15, <= 6.0.21.0002 |
References
- http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtmlPatch, Vendor Advisory
- http://www.securityfocus.com/bid/5417Third Party Advisory, VDB Entry
- http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtmlPatch, Vendor Advisory
- http://www.securityfocus.com/bid/5417Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2002-0848?
How severe is CVE-2002-0848?
How do I fix CVE-2002-0848?
Are you affected by CVE-2002-0848?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST