Back to search
CVE-2002-1098
Published: Sep 1, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
vendor-advisory
x_refsource_CISCO
5614
vdb-entry
x_refsource_BID
cisco-vpn-xml-filter(10023)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now