Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x prior to 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote malicious users to conduct man-in-the-middle attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco vpn client 3.1 |
||
cisco vpn client 3.5.1 |
||
cisco vpn client 2.0 |
||
cisco vpn client 3.0 |