Vulnerabilities > CVE-2002-1098 - Unspecified vulnerability in Cisco products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.
Vulnerable Configurations
Nessus
| NASL family | CISCO |
| NASL id | CSCDX07754.NASL |
| description | The remote VPN concentrator is subject to multiple flaws : - XML public rule - HTML pages access - HTML login processing This vulnerability is documented as Cisco bug ID CSCdx07754, CSCdx24622 and CSCdx24632. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11293 |
| published | 2003-03-01 |
| reporter | This script is (C) 2003-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/11293 |
| title | Cisco VPN 3000 Concentrator Multiple Vulnerabilities (CSCdx07754, CSCdx24622, CSCdx24632) |