CVE-2002-1098

CVE-2002-1098 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.

Learn more about our Web Application Penetration Testing UK.