CVE-2002-1098
published 2002-10-04CVE-2002-1098: Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | vpn_3000_concentrator_series_software | — | — |
| cisco | vpn_3000_concentrator_series_software | — | — |
| cisco | vpn_3000_concentrator_series_software | — | — |
| cisco | vpn_3000_concentrator_series_software | — | — |
| cisco | vpn_3000_concentrator_series_software | — | — |
| cisco | vpn_3000_concentrator_series_software | — | — |
| cisco | vpn_3000_concentrator_series_software | — | — |
| cisco | vpn_3000_concentrator_series_software | — | — |
| cisco | vpn_3000_concentrator_series_software | — | — |
| cisco | vpn_3000_concentrator_series_software | — | — |
| cisco | vpn_3000_concentrator_series_software | — | — |
| cisco | vpn_3000_concentrator_series_software | — | — |
| cisco | vpn_3000_concentrator_series_software | — | — |
| cisco | vpn_3000_concentrator_series_software | — | — |
| cisco | vpn_3000_concentrator_series_software | — | — |
| cisco | vpn_3000_concentrator_series_software | — | — |
| cisco | vpn_3000_concentrator_series_software | — | — |
| cisco | vpn_3000_concentrator_series_software | — | — |
| cisco | vpn_3000_concentrator_series_software | — | — |