What is the severity of CVE-2002-1098?

CVE-2002-1098 is classified as a significant vulnerability that may allow arbitrary traffic through affected Cisco VPN 3000 Concentrators.

How do I fix CVE-2002-1098?

To address CVE-2002-1098, upgrade the Cisco VPN 3000 Concentrator to version 3.5.3 or later.

What systems are affected by CVE-2002-1098?

CVE-2002-1098 affects multiple versions of Cisco VPN 3000 Concentrator software, specifically versions 2.2.x and 3.x prior to 3.5.3.

What is the impact of CVE-2002-1098?

The impact of CVE-2002-1098 includes the possibility of unauthorized access as arbitrary traffic can bypass the intended filtering.

Is there a workaround for CVE-2002-1098?

There is no widely recommended workaround for CVE-2002-1098; the best action is to apply patches and updates as they become available.

Vulnerability/
CVE-2002-1098

high

7.5

CWE

NVD-CWE-Other

4/10/2002

1/9/2004

8/8/2024

CVE-2002-1098

First published: Fri Oct 04 2002(Updated: )

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Cisco VPN 3000 concentrator series software	=2.0
Cisco VPN 3000 concentrator series software	=2.5.2.a
Cisco VPN 3000 concentrator series software	=2.5.2.b
Cisco VPN 3000 concentrator series software	=2.5.2.c
Cisco VPN 3000 concentrator series software	=2.5.2.d
Cisco VPN 3000 concentrator series software	=2.5.2.f
Cisco VPN 3000 concentrator series software	=3.0
Cisco VPN 3000 concentrator series software	=3.0\(rel\)
Cisco VPN 3000 concentrator series software	=3.0.3.a
Cisco VPN 3000 concentrator series software	=3.0.3.b
Cisco VPN 3000 concentrator series software	=3.0.4
Cisco VPN 3000 concentrator series software	=3.1
Cisco VPN 3000 concentrator series software	=3.1\(rel\)
Cisco VPN 3000 concentrator series software	=3.1.1
Cisco VPN 3000 concentrator series software	=3.1.2
Cisco VPN 3000 concentrator series software	=3.1.4
Cisco VPN 3000 concentrator series software	=3.5\(rel\)
Cisco VPN 3000 concentrator series software	=3.5.1
Cisco VPN 3000 concentrator series software	=3.5.2
Cisco VPN 3002 Hardware Client

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2002-1098?
CVE-2002-1098 is classified as a significant vulnerability that may allow arbitrary traffic through affected Cisco VPN 3000 Concentrators.
How do I fix CVE-2002-1098?
To address CVE-2002-1098, upgrade the Cisco VPN 3000 Concentrator to version 3.5.3 or later.
What systems are affected by CVE-2002-1098?
CVE-2002-1098 affects multiple versions of Cisco VPN 3000 Concentrator software, specifically versions 2.2.x and 3.x prior to 3.5.3.
What is the impact of CVE-2002-1098?
The impact of CVE-2002-1098 includes the possibility of unauthorized access as arbitrary traffic can bypass the intended filtering.
Is there a workaround for CVE-2002-1098?
There is no widely recommended workaround for CVE-2002-1098; the best action is to apply patches and updates as they become available.

collector/nvd-historical
agent/softwarecombine
agent/first-publish-date
agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/weakness
agent/severity
agent/last-modified-date
agent/description
agent/author
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco vpn 3000 concentrator series software
version/cisco vpn 3000 concentrator series software/2.0
version/cisco vpn 3000 concentrator series software/2.5.2.a
version/cisco vpn 3000 concentrator series software/2.5.2.b
version/cisco vpn 3000 concentrator series software/2.5.2.c
version/cisco vpn 3000 concentrator series software/2.5.2.d
version/cisco vpn 3000 concentrator series software/2.5.2.f
version/cisco vpn 3000 concentrator series software/3.0
version/cisco vpn 3000 concentrator series software/3.0\(rel\)
version/cisco vpn 3000 concentrator series software/3.0.3.a
version/cisco vpn 3000 concentrator series software/3.0.3.b
version/cisco vpn 3000 concentrator series software/3.0.4
version/cisco vpn 3000 concentrator series software/3.1
version/cisco vpn 3000 concentrator series software/3.1\(rel\)
version/cisco vpn 3000 concentrator series software/3.1.1
version/cisco vpn 3000 concentrator series software/3.1.2
version/cisco vpn 3000 concentrator series software/3.1.4
version/cisco vpn 3000 concentrator series software/3.5\(rel\)
version/cisco vpn 3000 concentrator series software/3.5.1
version/cisco vpn 3000 concentrator series software/3.5.2
canonical/cisco vpn 3002 hardware client