CVE-2002-1492

Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml	Patch Vendor Advisory
http://www.iss.net/security_center/static/10131.php	Patch Vendor Advisory
http://www.securityfocus.com/bid/5734	Exploit Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:vpn_5000_client:5.2.6::linux:::::
	cpe:2.3:a:cisco:vpn_5000_client:5.2.7::solaris:::::

History

No history.

Information

Published : 2003-04-02 05:00

Updated : 2008-09-05 20:30

NVD link : CVE-2002-1492

Mitre link : CVE-2002-1492

CVE.ORG link : CVE-2002-1492

JSON object : View

Products Affected

cisco

vpn_5000_client

CWE

NVD-CWE-Other

{"id": "CVE-2002-1492", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-04-02T05:00:00.000", "references": [{"url": "http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/10131.php", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5734", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en el cliente Cisco VPN 5000 anteriores a la 5.2.7 para Linux y cliente VPN 5000 Client anteriores a la 5.2.8 para Solaris, permite a usuarios locales la obtenci\u00f3n de privilegios de root mediante: close_tunnel y open_tunnel."}], "lastModified": "2008-09-05T20:30:44.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:vpn_5000_client:5.2.6:*:linux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CA5E2B9-9A31-47F7-AC04-3E8C3E1DAFC2"}, {"criteria": "cpe:2.3:a:cisco:vpn_5000_client:5.2.7:*:solaris:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95A048E5-7DA2-45D1-962B-C2D87829A4DF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.2 /10