CVE-2002-1098

3 documents3 sources

Severity

7.5HIGH

EPSS

0.5%

top 32.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco VPN 3000 Concentrator Series Software

Timeline

PublishedOct 4

Latest updateApr 30

Description

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcisco/vpn_3000_concentrator_series_software19 versions+18

🔴Vulnerability Details

GHSA

GHSA-8p3v-g4jm-c2m8: Cisco VPN 3000 Concentrator 2↗2022-04-30

▶

CVEList

CVE-2002-1098: Cisco VPN 3000 Concentrator 2↗2004-09-01

▶