Vulnerability-Lookup

CVE-2002-0853 (GCVE-0-2002-0853)

Vulnerability from cvelistv5 – Published: 2003-04-02 05:00 – Updated: 2024-08-08 03:03

Summary

Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

4 references

URL	Tags
http://www.cisco.com/warp/public/707/vpnclient-mu…	vendor-advisoryx_refsource_CISCO
http://www.kb.cert.org/vuls/id/287771	third-party-advisoryx_refsource_CERT-VN
http://www.securityfocus.com/bid/5440	vdb-entryx_refsource_BID
http://www.iss.net/security_center/static/9821.php	vdb-entryx_refsource_XF

Date Public

2002-08-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:03:48.906Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20020812 Cisco VPN Client Multiple Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
          },
          {
            "name": "VU#287771",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/287771"
          },
          {
            "name": "5440",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5440"
          },
          {
            "name": "cisco-vpn-zerolength-dos(9821)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9821.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-08-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-03-25T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20020812 Cisco VPN Client Multiple Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
        },
        {
          "name": "VU#287771",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/287771"
        },
        {
          "name": "5440",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5440"
        },
        {
          "name": "cisco-vpn-zerolength-dos(9821)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9821.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0853",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20020812 Cisco VPN Client Multiple Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
            },
            {
              "name": "VU#287771",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/287771"
            },
            {
              "name": "5440",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5440"
            },
            {
              "name": "cisco-vpn-zerolength-dos(9821)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9821.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0853",
    "datePublished": "2003-04-02T05:00:00.000Z",
    "dateReserved": "2002-08-12T00:00:00.000Z",
    "dateUpdated": "2024-08-08T03:03:48.906Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2002-0853",
      "date": "2026-06-28",
      "epss": "0.02155",
      "percentile": "0.79874"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:vpn_client:3.5.1:*:linux:*:*:*:*:*\", \"matchCriteriaId\": \"2BD00D0A-EB6E-41AA-851D-9DD258E23BEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:vpn_client:3.5.1:*:mac_os_x:*:*:*:*:*\", \"matchCriteriaId\": \"3FB66EB9-9FE9-4B13-9E5F-E9DEDCD0E3C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:vpn_client:3.5.1:*:solaris:*:*:*:*:*\", \"matchCriteriaId\": \"88EB557F-33CD-40FE-B470-04F93CB2F3E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*\", \"matchCriteriaId\": \"59938F7D-5F64-4FC0-A5B2-C798AF297130\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:vpn_client:3.5.2:*:linux:*:*:*:*:*\", \"matchCriteriaId\": \"F2EEB23E-4592-49A1-BDC6-110580340AAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:vpn_client:3.5.2:*:mac_os_x:*:*:*:*:*\", \"matchCriteriaId\": \"D548CEFE-1970-42D3-9039-196A3B5F5D0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:vpn_client:3.5.2:*:solaris:*:*:*:*:*\", \"matchCriteriaId\": \"2D4BDB9B-99D8-42B7-8D57-2B57029220F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:vpn_client:3.5.2:*:windows:*:*:*:*:*\", \"matchCriteriaId\": \"2288FB91-4607-417D-8658-E1B8090BE40A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload.\"}, {\"lang\": \"es\", \"value\": \"El Cliente de Red Privada Virtual (VPN) de Cisco 3.5.4 y anteriores permite a atacantes remotos causar una denegaci\\u00f3n de servicio (consumici\\u00f3n de CPU) mediante un paquete con una carga \\u00fatil de longitud cero.\"}]",
      "id": "CVE-2002-0853",
      "lastModified": "2024-11-20T23:40:02.007",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2002-09-05T04:00:00.000",
      "references": "[{\"url\": \"http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.iss.net/security_center/static/9821.php\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/287771\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/5440\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.iss.net/security_center/static/9821.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/287771\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/5440\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2002-0853\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2002-09-05T04:00:00.000\",\"lastModified\":\"2026-04-16T00:27:16.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload.\"},{\"lang\":\"es\",\"value\":\"El Cliente de Red Privada Virtual (VPN) de Cisco 3.5.4 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumici\u00f3n de CPU) mediante un paquete con una carga \u00fatil de longitud cero.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:vpn_client:3.5.1:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"2BD00D0A-EB6E-41AA-851D-9DD258E23BEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:vpn_client:3.5.1:*:mac_os_x:*:*:*:*:*\",\"matchCriteriaId\":\"3FB66EB9-9FE9-4B13-9E5F-E9DEDCD0E3C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:vpn_client:3.5.1:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"88EB557F-33CD-40FE-B470-04F93CB2F3E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"59938F7D-5F64-4FC0-A5B2-C798AF297130\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:vpn_client:3.5.2:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"F2EEB23E-4592-49A1-BDC6-110580340AAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:vpn_client:3.5.2:*:mac_os_x:*:*:*:*:*\",\"matchCriteriaId\":\"D548CEFE-1970-42D3-9039-196A3B5F5D0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:vpn_client:3.5.2:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"2D4BDB9B-99D8-42B7-8D57-2B57029220F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:vpn_client:3.5.2:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"2288FB91-4607-417D-8658-E1B8090BE40A\"}]}]}],\"references\":[{\"url\":\"http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.iss.net/security_center/static/9821.php\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/287771\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/5440\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.iss.net/security_center/static/9821.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/287771\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/5440\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2002-0853

Vulnerability from fkie_nvd - Published: 2002-09-05 04:00 - Updated: 2026-06-16 21:58

Severity

Summary

Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload.

References

URL	Tags
cve@mitre.org	http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml	Patch, Vendor Advisory
cve@mitre.org	http://www.iss.net/security_center/static/9821.php
cve@mitre.org	http://www.kb.cert.org/vuls/id/287771	US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/5440
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.iss.net/security_center/static/9821.php
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/287771	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/5440

Impacted products

Vendor	Product	Version
cisco	vpn_client	3.5.1
cisco	vpn_client	3.5.1
cisco	vpn_client	3.5.1
cisco	vpn_client	3.5.1
cisco	vpn_client	3.5.2
cisco	vpn_client	3.5.2
cisco	vpn_client	3.5.2
cisco	vpn_client	3.5.2

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:linux:*:*:*:*:*",
              "matchCriteriaId": "2BD00D0A-EB6E-41AA-851D-9DD258E23BEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:mac_os_x:*:*:*:*:*",
              "matchCriteriaId": "3FB66EB9-9FE9-4B13-9E5F-E9DEDCD0E3C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "88EB557F-33CD-40FE-B470-04F93CB2F3E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "59938F7D-5F64-4FC0-A5B2-C798AF297130",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:linux:*:*:*:*:*",
              "matchCriteriaId": "F2EEB23E-4592-49A1-BDC6-110580340AAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:mac_os_x:*:*:*:*:*",
              "matchCriteriaId": "D548CEFE-1970-42D3-9039-196A3B5F5D0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "2D4BDB9B-99D8-42B7-8D57-2B57029220F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:windows:*:*:*:*:*",
              "matchCriteriaId": "2288FB91-4607-417D-8658-E1B8090BE40A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload."
    },
    {
      "lang": "es",
      "value": "El Cliente de Red Privada Virtual (VPN) de Cisco 3.5.4 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumici\u00f3n de CPU) mediante un paquete con una carga \u00fatil de longitud cero."
    }
  ],
  "id": "CVE-2002-0853",
  "lastModified": "2026-06-16T21:58:16.100",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-09-05T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/9821.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/287771"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/5440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/9821.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/287771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/5440"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-5PPW-9F97-JJPJ

Vulnerability from github – Published: 2022-04-30 18:20 – Updated: 2022-04-30 18:20

Details

Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2002-0853"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2002-09-05T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload.",
  "id": "GHSA-5ppw-9f97-jjpj",
  "modified": "2022-04-30T18:20:03Z",
  "published": "2022-04-30T18:20:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0853"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.iss.net/security_center/static/9821.php"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/287771"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/5440"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2002-0853

Vulnerability from gsd - Updated: 2023-12-13 01:24

Details

Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload.

Aliases

CVE-2002-0853

Aliases

CVE-2002-0853

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2002-0853",
    "description": "Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload.",
    "id": "GSD-2002-0853"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2002-0853"
      ],
      "details": "Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload.",
      "id": "GSD-2002-0853",
      "modified": "2023-12-13T01:24:05.345222Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2002-0853",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20020812 Cisco VPN Client Multiple Vulnerabilities",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
          },
          {
            "name": "VU#287771",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/287771"
          },
          {
            "name": "5440",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/5440"
          },
          {
            "name": "cisco-vpn-zerolength-dos(9821)",
            "refsource": "XF",
            "url": "http://www.iss.net/security_center/static/9821.php"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:mac_os_x:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:mac_os_x:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0853"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20020812 Cisco VPN Client Multiple Vulnerabilities",
              "refsource": "CISCO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
            },
            {
              "name": "VU#287771",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/287771"
            },
            {
              "name": "cisco-vpn-zerolength-dos(9821)",
              "refsource": "XF",
              "tags": [],
              "url": "http://www.iss.net/security_center/static/9821.php"
            },
            {
              "name": "5440",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/5440"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2008-09-10T19:13Z",
      "publishedDate": "2002-09-05T04:00Z"
    }
  }
}

VAR-200209-0033

Vulnerability from variot - Updated: 2023-12-18 10:59

Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload. Internet Key Exchange (IKE) implementations from several vendors contain buffer overflows and denial-of-service conditions. The buffer overflow vulnerabilities could permit an attacker to execute arbitrary code on a vulnerable system. This is reported to cause the daemon to crash. This issue may be related to the multiple IKE implementation vulnerabilities described in CERT/CC Vulnerability Note VU#287771. Other vendor products are reported to be affected by similar issues. There are currently not enough details available to determine if PGPFreeware is affected by any of these specific issues. This issue was reported in PGPFreeware 7.03 running on Windows NT 4.0 SP6. The Cisco VPN Client is prone to a remotely exploitable buffer overflow condition. It is possible to trigger this condition by sending malformed IKE packets to the client. The overflow occurs when the Security Parameter Index payload of the IKE packet is longer than 16 bytes in length. It is possible that exploitation of this vulnerability may affect availability of the client, resulting in a denial of service condition. This issue is reported to be exploitable when the client software is operating in Aggressive Mode during a phase 1 IKE exchange. This vulnerability affects versions of the client on all platforms. When vulnerable clients receive a specific IKE packet with a zero length payload, the VPN client will consume all available processor time. The Cisco bug ID for these vulnerabilities is CSCdy26045

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200209-0033",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vpn client",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.5.2"
      },
      {
        "model": "vpn client",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.5.1"
      },
      {
        "model": "vpn client for windows",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "3.5.1"
      },
      {
        "model": "vpn client for solaris",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "3.5.2"
      },
      {
        "model": "vpn client for solaris",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "3.5.1"
      },
      {
        "model": "vpn client for mac os",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "x3.5.2"
      },
      {
        "model": "vpn client for mac os",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "x3.5.1"
      },
      {
        "model": "vpn client for linux",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "3.5.2"
      },
      {
        "model": "vpn client for linux",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "3.5.1"
      },
      {
        "model": "vpn client for windows",
        "scope": "ne",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "3.6"
      },
      {
        "model": "vpn client for solaris",
        "scope": "ne",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "3.6"
      },
      {
        "model": "vpn client for mac os",
        "scope": "ne",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "x3.6"
      },
      {
        "model": "vpn client for linux",
        "scope": "ne",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "3.6"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "netscreen",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "network associates",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "pgp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "safenet",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sonicwall",
        "version": null
      },
      {
        "model": "vpn client for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3.5.2"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.1"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.0"
      },
      {
        "model": "netscreen-remote vpn client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "8.0"
      },
      {
        "model": "netscreen-remote security client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "8.0"
      },
      {
        "model": "netscreen-remote vpn client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "8.1"
      },
      {
        "model": "netscreen-remote security client",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "netscreen",
        "version": "8.1"
      },
      {
        "model": "associates pgp freeware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "network",
        "version": "7.0.3"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#287771"
      },
      {
        "db": "BID",
        "id": "5589"
      },
      {
        "db": "BID",
        "id": "5668"
      },
      {
        "db": "BID",
        "id": "5449"
      },
      {
        "db": "BID",
        "id": "5441"
      },
      {
        "db": "BID",
        "id": "5443"
      },
      {
        "db": "BID",
        "id": "5440"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0853"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200209-021"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:mac_os_x:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:mac_os_x:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-0853"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Published in a Cisco Security Advisory.  CERT/CC credits Anton Rager of Avaya Communications with discovery.",
    "sources": [
      {
        "db": "BID",
        "id": "5441"
      },
      {
        "db": "BID",
        "id": "5443"
      },
      {
        "db": "BID",
        "id": "5440"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2002-0853",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-5244",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2002-0853",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#287771",
            "trust": 0.8,
            "value": "1.03"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200209-021",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-5244",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#287771"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5244"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0853"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200209-021"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload. Internet Key Exchange (IKE) implementations from several vendors contain buffer overflows and denial-of-service conditions.  The buffer overflow vulnerabilities could permit an attacker to execute arbitrary code on a vulnerable system.  This is reported to cause the daemon to crash. \nThis issue may be related to the multiple IKE implementation vulnerabilities described in CERT/CC Vulnerability Note VU#287771. \nOther vendor products are reported to be affected by similar issues.  There are currently not enough details available to determine if PGPFreeware is affected by any of these specific issues. \nThis issue was reported in PGPFreeware 7.03 running on Windows NT 4.0 SP6. The Cisco VPN Client is prone to a remotely exploitable buffer overflow condition.  It is possible to trigger this condition by sending malformed IKE packets to the client.  The overflow occurs when the Security Parameter Index payload of the IKE packet is longer than 16 bytes in length.  It is possible that exploitation of this vulnerability may affect availability of the client, resulting in a denial of service condition. \nThis issue is reported to be exploitable when the client software is operating in Aggressive Mode during a phase 1 IKE exchange. \nThis vulnerability affects versions of the client on all platforms. \nWhen vulnerable clients receive a specific IKE packet with a zero length payload, the VPN client will consume all available processor time. The Cisco bug ID for these vulnerabilities is CSCdy26045",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-0853"
      },
      {
        "db": "CERT/CC",
        "id": "VU#287771"
      },
      {
        "db": "BID",
        "id": "5589"
      },
      {
        "db": "BID",
        "id": "5668"
      },
      {
        "db": "BID",
        "id": "5449"
      },
      {
        "db": "BID",
        "id": "5441"
      },
      {
        "db": "BID",
        "id": "5443"
      },
      {
        "db": "BID",
        "id": "5440"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5244"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#287771",
        "trust": 4.0
      },
      {
        "db": "BID",
        "id": "5440",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0853",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "5668",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "5449",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "5443",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "5441",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200209-021",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "9821",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20020812 CISCO VPN CLIENT MULTIPLE VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "5589",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-5244",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#287771"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5244"
      },
      {
        "db": "BID",
        "id": "5589"
      },
      {
        "db": "BID",
        "id": "5668"
      },
      {
        "db": "BID",
        "id": "5449"
      },
      {
        "db": "BID",
        "id": "5441"
      },
      {
        "db": "BID",
        "id": "5443"
      },
      {
        "db": "BID",
        "id": "5440"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0853"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200209-021"
      }
    ]
  },
  "id": "VAR-200209-0033",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5244"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:59:26.473000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-0853"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "http://www.kb.cert.org/vuls/id/287771"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/5440"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.iss.net/security_center/static/9821.php"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/html.charters/ipsec-charter.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc2408.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc2409.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc2412.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.vpnc.org/"
      },
      {
        "trust": 0.8,
        "url": "http://online.securityfocus.com/bid/5440"
      },
      {
        "trust": 0.8,
        "url": "http://online.securityfocus.com/bid/5441"
      },
      {
        "trust": 0.8,
        "url": "http://online.securityfocus.com/bid/5443"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/5449"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/5668"
      },
      {
        "trust": 0.8,
        "url": "http://ikecrack.sourceforge.net/"
      },
      {
        "trust": 0.8,
        "url": "http://www.nta-monitor.com/ike-scan/"
      },
      {
        "trust": 0.3,
        "url": "http://www.openbsd.org/errata.html#isakmpd"
      },
      {
        "trust": 0.3,
        "url": "http://www.netscreen.com/support/alerts/9_6_02.htm"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#287771"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5244"
      },
      {
        "db": "BID",
        "id": "5589"
      },
      {
        "db": "BID",
        "id": "5668"
      },
      {
        "db": "BID",
        "id": "5449"
      },
      {
        "db": "BID",
        "id": "5441"
      },
      {
        "db": "BID",
        "id": "5443"
      },
      {
        "db": "BID",
        "id": "5440"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0853"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200209-021"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#287771"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5244"
      },
      {
        "db": "BID",
        "id": "5589"
      },
      {
        "db": "BID",
        "id": "5668"
      },
      {
        "db": "BID",
        "id": "5449"
      },
      {
        "db": "BID",
        "id": "5441"
      },
      {
        "db": "BID",
        "id": "5443"
      },
      {
        "db": "BID",
        "id": "5440"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0853"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200209-021"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-08-12T00:00:00",
        "db": "CERT/CC",
        "id": "VU#287771"
      },
      {
        "date": "2002-09-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5244"
      },
      {
        "date": "2002-07-05T00:00:00",
        "db": "BID",
        "id": "5589"
      },
      {
        "date": "2002-09-07T00:00:00",
        "db": "BID",
        "id": "5668"
      },
      {
        "date": "2002-08-12T00:00:00",
        "db": "BID",
        "id": "5449"
      },
      {
        "date": "2002-08-12T00:00:00",
        "db": "BID",
        "id": "5441"
      },
      {
        "date": "2002-08-12T00:00:00",
        "db": "BID",
        "id": "5443"
      },
      {
        "date": "2002-08-12T00:00:00",
        "db": "BID",
        "id": "5440"
      },
      {
        "date": "2002-09-05T04:00:00",
        "db": "NVD",
        "id": "CVE-2002-0853"
      },
      {
        "date": "2002-08-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200209-021"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-02-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#287771"
      },
      {
        "date": "2008-09-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5244"
      },
      {
        "date": "2002-07-05T00:00:00",
        "db": "BID",
        "id": "5589"
      },
      {
        "date": "2002-09-07T00:00:00",
        "db": "BID",
        "id": "5668"
      },
      {
        "date": "2002-08-12T00:00:00",
        "db": "BID",
        "id": "5449"
      },
      {
        "date": "2002-08-12T00:00:00",
        "db": "BID",
        "id": "5441"
      },
      {
        "date": "2002-08-12T00:00:00",
        "db": "BID",
        "id": "5443"
      },
      {
        "date": "2002-08-12T00:00:00",
        "db": "BID",
        "id": "5440"
      },
      {
        "date": "2008-09-10T19:13:01.820000",
        "db": "NVD",
        "id": "CVE-2002-0853"
      },
      {
        "date": "2005-05-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200209-021"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "5589"
      },
      {
        "db": "BID",
        "id": "5668"
      },
      {
        "db": "BID",
        "id": "5449"
      },
      {
        "db": "BID",
        "id": "5441"
      },
      {
        "db": "BID",
        "id": "5443"
      },
      {
        "db": "BID",
        "id": "5440"
      }
    ],
    "trust": 1.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vendors\u0027 Internet Key Exchange (IKE) implementations do not properly handle IKE response packets",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#287771"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "5668"
      },
      {
        "db": "BID",
        "id": "5449"
      },
      {
        "db": "BID",
        "id": "5441"
      },
      {
        "db": "BID",
        "id": "5443"
      }
    ],
    "trust": 1.2
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2002-0853 (GCVE-0-2002-0853)

FKIE_CVE-2002-0853

GHSA-5PPW-9F97-JJPJ

GSD-2002-0853

VAR-200209-0033

Tags

Sightings

Nomenclature