← Back

CVE-2002-1098

nvd nist
Published: Oct 4, 2002Modified: Apr 16, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.

Affected (20)

Cisco
2 products
Vpn 3000 Concentrator Series Software
Vpn 3002 Hardware Client
Configuration A
20 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Vpn 3000 Concentrator Series Software
Version 2.0
Vpn 3000 Concentrator Series Software
Version 2.5.2.a
Vpn 3000 Concentrator Series Software
Version 2.5.2.b
Vpn 3000 Concentrator Series Software
Version 2.5.2.c
Vpn 3000 Concentrator Series Software
Version 2.5.2.d
Vpn 3000 Concentrator Series Software
Version 2.5.2.f
Vpn 3000 Concentrator Series Software
Version 3.0.3.a
Vpn 3000 Concentrator Series Software
Version 3.0.3.b
Vpn 3000 Concentrator Series Software
Version 3.0.4
Vpn 3000 Concentrator Series Software
Version 3.0
Vpn 3000 Concentrator Series Software
Version 3.0(rel)
Vpn 3000 Concentrator Series Software
Version 3.1.1
Vpn 3000 Concentrator Series Software
Version 3.1.2
Vpn 3000 Concentrator Series Software
Version 3.1.4
Vpn 3000 Concentrator Series Software
Version 3.1
Vpn 3000 Concentrator Series Software
Version 3.1(rel)
Vpn 3000 Concentrator Series Software
Version 3.5.1
Vpn 3000 Concentrator Series Software
Version 3.5.2
Vpn 3000 Concentrator Series Software
Version 3.5(rel)
Vpn 3002 Hardware Client
All versions

References (6)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.