← CVECheck
HomeVulnerabilities

CVE-2002-1106 — HIGH severity vulnerability (Cisco Virtual Private Network (VPN) Client software 2.x.x, a)

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.

CVE IDCVE-2002-1106
SeverityHIGH
CVSS score7.5
CVSS vectorAV:N/AC:L/Au:N/C:P/I:P/A:P
CWENVD-CWE-Other
StatusModified
Published2002-10-04
Last modified2026-04-16
DescriptionCisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →