CVE-2002-1106 — HIGH severity vulnerability (Cisco Virtual Private Network (VPN) Client software 2.x.x, a)
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.
| CVE ID | CVE-2002-1106 |
|---|---|
| Severity | HIGH |
| CVSS score | 7.5 |
| CVSS vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| CWE | NVD-CWE-Other |
| Status | Modified |
| Published | 2002-10-04 |
| Last modified | 2026-04-16 |
| Description | Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks. |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →