Vulnerabilities > CVE-2002-1098 - Unspecified vulnerability in Cisco products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN cisco
nessus
Summary
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.
Vulnerable Configurations
Nessus
| NASL family | CISCO |
| NASL id | CSCDX07754.NASL |
| description | The remote VPN concentrator is subject to multiple flaws : - XML public rule - HTML pages access - HTML login processing This vulnerability is documented as Cisco bug ID CSCdx07754, CSCdx24622 and CSCdx24632. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11293 |
| published | 2003-03-01 |
| reporter | This script is (C) 2003-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/11293 |
| title | Cisco VPN 3000 Concentrator Multiple Vulnerabilities (CSCdx07754, CSCdx24622, CSCdx24632) |
References
- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
- http://www.iss.net/security_center/static/10023.php
- http://www.iss.net/security_center/static/10023.php
- http://www.securityfocus.com/bid/5614
- http://www.securityfocus.com/bid/5614