Cisco VPN 3000 Concentrator Vulnerability in XML Filter Configuration
CVE-2002-1098

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn 3000 Concentrator Series Software; Vpn 3002 Hardware Client
Vendor: CVE Published:; 4 October 2002

Summary

The Cisco VPN 3000 Concentrator, specifically versions 2.2.x and 3.x prior to 3.5.3, presents a significant security issue by allowing arbitrary traffic to traverse the device due to a misconfigured XML filter. When the XML filter is enabled, an insecure rule that sets the protocol to 'ANY' for 'HTTPS on Public Inbound' traffic can lead to unauthorized access. This vulnerability enables attackers to exploit the configuration and potentially gain access to sensitive information or disrupt services.

References

http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/5614

vdb-entryx_refsource_BID

http://www.iss.net/security_center/static/10023.php

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Sep 6, 2002