Reported September 03, 2002, by Cisco Systems.

VERSIONS AFFECTED

·         All Cisco Systems VPN 3000 series concentrators

·         Cisco Systems VPN 3002 hardware client

 

DESCRIPTION
Multiple vulnerabilities exist in Cisco's VPN 3000 series concentrators and VPN 3002 hardware client that can result in information disclosure, Denial of Service (DoS) conditions, and unauthenticated display of passwords on the vulnerable devices.

 

VENDOR RESPONSE

Cisco has issued a notice regarding these vulnerabilities and recommends that affected users upgrade to a fixed release of its software through regular support channels or the Cisco Web site.

 

CREDIT
Discovered by Cisco Systems