Vulnerability Details : CVE-2002-0852
Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads.
Vulnerability category: Denial of service
Products affected by CVE-2002-0852
- cpe:2.3:a:cisco:vpn_client:3.5.1:*:linux:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:3.5.1:*:mac_os_x:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:3.5.1:*:solaris:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:3.5.2:*:linux:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:3.5.2:*:solaris:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:3.5.2:*:mac_os_x:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:3.5.2:*:windows:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2002-0852
0.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2002-0852
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
References for CVE-2002-0852
-
http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml
Patch;Vendor Advisory
Jump to