CVE-2002-1095

Description

Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set.

Affected products

• Cisco / secure_access_control_server2.6.3 – 2.6.3
• Cisco / vpn_3000_concentrator_series_software2.5.2.a – 2.5.2.a
• Cisco / vpn_3000_concentrator_series_software2.5.2.b – 2.5.2.b
• Cisco / vpn_3000_concentrator_series_software2.0 – 2.0
• Cisco / vpn_3000_concentrator_series_software2.5.2.d – 2.5.2.d
• Cisco / vpn_3000_concentrator_series_software2.5.2.c – 2.5.2.c
• Cisco / vpn_3002_hardware_client

References

• VENDOR_ADVISORYhttp://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
• MISChttp://www.securityfocus.com/bid/5625
• MISChttp://www.iss.net/security_center/static/10021.php