Vpn 3000 Concentrator CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (26 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2001-0428	1 Cisco	1 Vpn 3000 Concentrator Series Software	2026-04-16	N/A
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option.
CVE-2002-1096	1 Cisco	2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client	2026-04-16	N/A
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code.
CVE-2002-1098	1 Cisco	2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client	2026-04-16	N/A
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.
CVE-2002-1099	1 Cisco	2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client	2026-04-16	N/A
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages.
CVE-2005-2025	1 Cisco	8 Vpn 3000 Concentrator, Vpn 3000 Concentrator Series Software, Vpn 3005 Concentrator Software and 5 more	2026-04-16	N/A
Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.
CVE-2010-4354	1 Cisco	9 Asa 5500, Pix 500, Vpn 3000 Concentrator and 6 more	2025-04-11	N/A
The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device, which allows remote attackers to enumerate valid group names via a series of IKE negotiation attempts, aka Bug ID CSCtj96108, a different vulnerability than CVE-2005-2025.

« first previous Page 2 of 2.