NVD Vulnerability Detail

CVE-2002-1098

Summary	Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.
Publication Date	Oct. 4, 2002, 1 p.m.
Registration Date	Jan. 29, 2021, 6:04 p.m.
Last Update	Oct. 31, 2018, 1:26 a.m.

CVSS2.0 : HIGH
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.0:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.a:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.b:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.c:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.d:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.f:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0\(rel\):::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.a:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.b:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.4:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1\(rel\):::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.1:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.2:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.4:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\(rel\):::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:::::::*
cpe:2.3:a:cisco:vpn_3002_hardware_client::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml	CISCO	Vendor Advisory
2	http://www.iss.net/security_center/static/10023.php	XF	Vendor Advisory
3	http://www.securityfocus.com/bid/5614	BID

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.0:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.a:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.b:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.c:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.d:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.f:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0\(rel\):::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.a:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.b:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.4:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1\(rel\):::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.1:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.2:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.4:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\(rel\):::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:::::::*
cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:::::::*
cpe:2.3:a:cisco:vpn_3002_hardware_client::::::::