CVE-2002-0853:Cisco VPN Client 3.5.4 and earlier are vulnerable to denial of service via a zero-length payload packet, which can cause abnormal CPU usage.


Description Preview

Cisco Virtual Private Network (VPN) Client versions 3.5.4 and earlier contain a denial-of-service vulnerability that allows remote attackers to cause excessive CPU consumption by sending a packet with a zero-length payload. This issue can disrupt VPN client availability and requires no user interaction beyond delivery of the crafted packet. The vulnerability is documented in multiple sources, including a Cisco advisory and third-party reports.

Overview

This CVE describes a denial-of-service vulnerability in Cisco VPN Client versions 3.5.4 and earlier in which processing a zero-length payload packet causes the client to consume abnormal CPU resources, potentially impacting availability. The vulnerability is exploitable remotely and has been documented by Cisco and other vulnerability trackers.

Remediation

  • Upgrade the Cisco VPN Client to a non-affected version per Cisco’s advisory or migrate to a supported Cisco VPN solution, and ensure ongoing security updates.
  • If upgrading is not immediately feasible, implement network-level mitigations such as blocking or rate-limiting packets with zero-length payloads at the perimeter (firewall/IPS) and restricting VPN client access to reduce exposure.
  • Enable robust monitoring for unusual VPN client CPU usage and potential DoS attempts; conduct testing after applying patches.
  • If the product is end-of-life or no fixed version is available, consider replacing with a supported VPN solution to ensure ongoing security patching.

References

  • Cisco VPN Client Multiple Vulnerabilities (Cisco) — http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml
  • VU#287771 (CERT/CC) — http://www.kb.cert.org/vuls/id/287771
  • BID 5440 (SecurityFocus) — http://www.securityfocus.com/bid/5440
  • cisco-vpn-zerolength-dos(9821) (ISS XF) — http://www.iss.net/security_center/static/9821.php

Industry Exposure (most to least affected)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services: Low
  2. Administrative, Support, Waste Management & Remediation Services: Low
  3. Agriculture, Forestry, Fishing & Hunting: Low
  4. Arts, Entertainment & Recreation: Low
  5. Construction: Low
  6. Educational Services: Low
  7. Finance and Insurance: Low
  8. Health Care & Social Assistance: Low
  9. Information: Low
  10. Management of Companies & Enterprises: Low
  11. Manufacturing: Low
  12. Mining: Low
  13. Other Services (except Public Administration): Low
  14. Professional, Scientific, & Technical Services: Low
  15. Public Administration: Low
  16. Real Estate Rental & Leasing: Low
  17. Retail Trade: Low
  18. Transportation & Warehousing: Low
  19. Utilities: Low
  20. Wholesale Trade: Low
