CVE-2002-1098

Name of the Vulnerable Software and Affected Versions: Cisco VPN 3000 Concentrator versions 2.2.x through 3.x before 3.5.3

Description: The issue allows arbitrary traffic to pass through the concentrator due to a misconfiguration when the XML filter configuration is enabled. This occurs because the protocol is set to "ANY" when the "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule is added.

Recommendations: For versions 2.2.x through 3.x before 3.5.3, update to version 3.5.3 or later to resolve the issue.