Cisco VPN 3000 Concentrator 2.2.x, and 3.x prior to 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco vpn_3000_concentrator_series_software 3.1 |
||
cisco vpn_3000_concentrator_series_software 3.1\\(rel\\) |
||
cisco vpn_3000_concentrator_series_software 3.1.1 |
||
cisco vpn_3000_concentrator_series_software 3.1.2 |
||
cisco vpn_3000_concentrator_series_software 2.5.2.b |
||
cisco vpn_3000_concentrator_series_software 2.5.2.c |
||
cisco vpn_3000_concentrator_series_software 2.5.2.d |
||
cisco vpn_3000_concentrator_series_software 2.5.2.f |
||
cisco vpn_3000_concentrator_series_software 3.0 |
||
cisco vpn_3000_concentrator_series_software 2.5.2.a |
||
cisco vpn_3000_concentrator_series_software 3.0.3.a |
||
cisco vpn_3000_concentrator_series_software 3.0.4 |
||
cisco vpn_3000_concentrator_series_software 3.1.4 |
||
cisco vpn_3000_concentrator_series_software 3.5.1 |
||
cisco vpn_3000_concentrator_series_software 2.0 |
||
cisco vpn_3000_concentrator_series_software 3.0\\(rel\\) |
||
cisco vpn_3000_concentrator_series_software 3.0.3.b |
||
cisco vpn_3000_concentrator_series_software 3.5\\(rel\\) |
||
cisco vpn_3000_concentrator_series_software 3.5.2 |
||
cisco vpn_3002_hardware_client |
Vulmon