CVE-2002-1098
Summary
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.
- LOW
- NETWORK
- NONE
- PARTIAL
- PARTIAL
- PARTIAL
References
Advisory Timeline
- Published