First published: Fri Oct 04 2002(Updated: )
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Vpn 3000 Concentrator Series Software | =2.0 | |
Cisco Vpn 3000 Concentrator Series Software | =2.5.2.a | |
Cisco Vpn 3000 Concentrator Series Software | =2.5.2.b | |
Cisco Vpn 3000 Concentrator Series Software | =2.5.2.c | |
Cisco Vpn 3000 Concentrator Series Software | =2.5.2.d | |
Cisco Vpn 3000 Concentrator Series Software | =2.5.2.f | |
Cisco Vpn 3000 Concentrator Series Software | =3.0 | |
Cisco Vpn 3000 Concentrator Series Software | =3.0\(rel\) | |
Cisco Vpn 3000 Concentrator Series Software | =3.0.3.a | |
Cisco Vpn 3000 Concentrator Series Software | =3.0.3.b | |
Cisco Vpn 3000 Concentrator Series Software | =3.0.4 | |
Cisco Vpn 3000 Concentrator Series Software | =3.1 | |
Cisco Vpn 3000 Concentrator Series Software | =3.1\(rel\) | |
Cisco Vpn 3000 Concentrator Series Software | =3.1.1 | |
Cisco Vpn 3000 Concentrator Series Software | =3.1.2 | |
Cisco Vpn 3000 Concentrator Series Software | =3.1.4 | |
Cisco Vpn 3000 Concentrator Series Software | =3.5\(rel\) | |
Cisco Vpn 3000 Concentrator Series Software | =3.5.1 | |
Cisco Vpn 3000 Concentrator Series Software | =3.5.2 | |
Cisco VPN 3002 Hardware Client |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.