cvelistv5 - cve-2009-1203

CVE-2009-1203 (GCVE-0-2009-1203)

Vulnerability from cvelistv5 – Published: 2009-06-25 17:00 – Updated: 2024-08-07 05:04

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/archive/1/504516/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securitytracker.com/id?1022457	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2009/1713	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/35475	vdb-entryx_refsource_BID
	http://secunia.com/advisories/35511	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:48.991Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20090624 Trustwave\u0027s SpiderLabs Security Advisory TWSL2009-002",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/504516/100/0/threaded"
          },
          {
            "name": "1022457",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022457"
          },
          {
            "name": "ADV-2009-1713",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1713"
          },
          {
            "name": "35475",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35475"
          },
          {
            "name": "35511",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35511"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20090624 Trustwave\u0027s SpiderLabs Security Advisory TWSL2009-002",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/504516/100/0/threaded"
        },
        {
          "name": "1022457",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022457"
        },
        {
          "name": "ADV-2009-1713",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1713"
        },
        {
          "name": "35475",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35475"
        },
        {
          "name": "35511",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35511"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1203",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20090624 Trustwave\u0027s SpiderLabs Security Advisory TWSL2009-002",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/504516/100/0/threaded"
            },
            {
              "name": "1022457",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022457"
            },
            {
              "name": "ADV-2009-1713",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1713"
            },
            {
              "name": "35475",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35475"
            },
            {
              "name": "35511",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35511"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1203",
    "datePublished": "2009-06-25T17:00:00",
    "dateReserved": "2009-03-31T00:00:00",
    "dateUpdated": "2024-08-07T05:04:48.991Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:adaptive_security_appliance:8.0\\\\(4\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98CBFBF5-966C-48E8-BAFB-DED4E58098F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:adaptive_security_appliance:8.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13BC5744-8EB0-4BE3-A743-E95BCD6E2CC2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:adaptive_security_appliance:8.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7853F676-A9A4-4980-B698-19C60F4DD71F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D80DB80-F243-469B-993F-E368B092B3C5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.\"}, {\"lang\": \"es\", \"value\": \"WebVPN en los dispositivos Cisco Adaptive Security Appliances (ASA) con software 8.0(4), 8.1.2, y 8.2.1 no distingue de manera apropiada su propia pantalla de login de las pantallas de login que produce para servidores (1) FTP and (2) CIFS de terceros, lo que facilita a atacantes remotos enga\\u00f1ar a un usuario envi\\u00e1ndole credenciales WebVPN para un servidor de su elecci\\u00f3n mediante una URL asociada con este servidor, alias Bug ID CSCsy80709.\"}]",
      "id": "CVE-2009-1203",
      "lastModified": "2024-11-21T01:01:54.117",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.8, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2009-06-25T17:30:00.267",
      "references": "[{\"url\": \"http://secunia.com/advisories/35511\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/504516/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/35475\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1022457\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1713\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/35511\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/504516/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/35475\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1022457\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1713\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1203\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-06-25T17:30:00.267\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.\"},{\"lang\":\"es\",\"value\":\"WebVPN en los dispositivos Cisco Adaptive Security Appliances (ASA) con software 8.0(4), 8.1.2, y 8.2.1 no distingue de manera apropiada su propia pantalla de login de las pantallas de login que produce para servidores (1) FTP and (2) CIFS de terceros, lo que facilita a atacantes remotos enga\u00f1ar a un usuario envi\u00e1ndole credenciales WebVPN para un servidor de su elecci\u00f3n mediante una URL asociada con este servidor, alias Bug ID CSCsy80709.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:adaptive_security_appliance:8.0\\\\(4\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98CBFBF5-966C-48E8-BAFB-DED4E58098F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:adaptive_security_appliance:8.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13BC5744-8EB0-4BE3-A743-E95BCD6E2CC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:adaptive_security_appliance:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7853F676-A9A4-4980-B698-19C60F4DD71F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D80DB80-F243-469B-993F-E368B092B3C5\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/35511\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/504516/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/35475\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1022457\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1713\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35511\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/504516/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/35475\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1022457\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1713\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2009-1203

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-1203

Aliases

CVE-2009-1203

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1203",
    "description": "WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.",
    "id": "GSD-2009-1203",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2009-1203"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1203"
      ],
      "details": "WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.",
      "id": "GSD-2009-1203",
      "modified": "2023-12-13T01:19:48.256389Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-1203",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20090624 Trustwave\u0027s SpiderLabs Security Advisory TWSL2009-002",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/504516/100/0/threaded"
          },
          {
            "name": "1022457",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1022457"
          },
          {
            "name": "ADV-2009-1713",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1713"
          },
          {
            "name": "35475",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/35475"
          },
          {
            "name": "35511",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35511"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance:8.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance:8.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance:8.0\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1203"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "35475",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/35475"
            },
            {
              "name": "ADV-2009-1713",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1713"
            },
            {
              "name": "1022457",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1022457"
            },
            {
              "name": "35511",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35511"
            },
            {
              "name": "20090624 Trustwave\u0027s SpiderLabs Security Advisory TWSL2009-002",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/504516/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-10T19:35Z",
      "publishedDate": "2009-06-25T17:30Z"
    }
  }
}

VAR-200906-0070

Vulnerability from variot - Updated: 2023-12-18 13:30

WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709. Cisco Adaptive Security Appliance (ASA) is prone to a vulnerability that can aid in phishing attacks. An attacker can exploit this issue to display a fake login window that's visually similar to the device's login window, which may mislead users. This issue is tracked by Cisco Bug ID CSCsy80709. The attacker can exploit this issue to set up phishing attacks. Successful exploits could aid in further attacks. Versions prior to ASA 8.0.4.34 and 8.1.2.25 are vulnerable. Trustwave's SpiderLabs Security Advisory TWSL2009-002: Cisco ASA Web VPN Multiple Vulnerabilities

Published: 2009-06-24 Version: 1.0

Vendor: Cisco Systems, Inc. (http://www.cisco.com)

Versions affected: 8.0(4), 8.1.2, and 8.2.1

Description: Cisco's Adaptive Security Appliance (ASA) provides a number of security related features, including "Web VPN" functionality that allows authenticated users to access a variety of content through a web interface. This includes other web content, FTP servers, and CIFS file servers.

The web content is proxied by the ASA and rewritten so that any URLs in the web content are passed as query parameters sent to the ASA web interface. Where scripting content is present, the ASA places a JavaScript wrapper around the original webpage's Document Object Model (DOM), to prevent the webpage from accessing the ASA's DOM.

Credit: David Byrne of Trustwave's SpiderLabs

Finding 1: Post-Authentication Cross-Site Scripting CVE: CVE-2009-1201 The ASA's DOM wrapper can be rewritten in a manner to allow Cross-Site Scripting (XSS) attacks. For example, the "csco_wrap_js" JavaScript function in /+CSCOL+/cte.js makes a call to a function referenced by "CSCO_WebVPN['process']". The result of this call is then used in an "eval" statement.

function csco_wrap_js(str) { var ret=""; var js_mangled=CSCO_WebVPN'process'; ret+=CSCO_WebVPN'process';

To exploit this behavior, a malicious page can rewrite "CSCO_WebVPN['process']" with an attacker-defined function that will return an arbitrary value. The next time the "csco_wrap_js" function is called, the malicious code will be executed. Below is a proof of concept.

function a(b, c) { return "alert('Your VPN location:\\n\\n'+" + "document.location+'\\n\\n\\n\\n\\n" + "Your VPN cookie:\\n\\n'+document.cookie);"; } CSCO_WebVPN['process'] = a; csco_wrap_js('');

Vendor Response: This vulnerability has been corrected in versions 8.0.4.34, and 8.1.2.25. Updated Cisco ASA software can be downloaded from: http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT

A vendor response will be posted at http://www.cisco.com/security This vulnerability is documented in Cisco Bug ID: CSCsy80694.

CVSS Score: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C Base: 4.3 Temporal: 3.9

Finding 2: HTML Rewriting Bypass CVE: CVE-2009-1202 When a webpage is requested through the ASA's Web VPN, the targeted scheme and hostname is Rot13-encoded, then hex-encoded and placed in the ASA's URL. For example, "http://www.trustwave.com" is accessed by requesting the following ASA path:

/+CSCO+0075676763663A2F2F6A6A6A2E67656866676A6E69722E70627A+ +/

The HTML content of this request is obviously reformatted by the ASA, starting at the very beginning:

  <script id='CSCO_GHOST' src="/+webvpn+/toolbar.js">

However, if the request URL is modified to change the initial hex value of "00" to "01", the HTML document is returned without any rewriting. This allows the pages scriptable content to run in the ASA's DOM, making Cross-Site Scripting trivial.

Vendor Response: This vulnerability has been corrected in versions 8.0.4.34, and 8.1.2.25. Updated Cisco ASA software can be downloaded from: http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT

A vendor response will be posted at http://www.cisco.com/security This vulnerability is documented in Cisco Bug ID: CSCsy80705.

CVSS Score: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C Base: 4.3 Temporal: 3.9

Finding 3: Authentication Credential Theft CVE: CVE-2009-1203 When a user accesses an FTP or CIFS destination using the Web VPN, the resulting URL is formatted in a similar manner as the web requests described above. The following URL attempts to connect to ftp.example.com; normally, it would be in an HTML frame within the Web VPN website.

/+CSCOE+/files/browse.html?code=init&path=ftp%3A%2F%2F736763 2e726b6e7a6379722e70627a

The ASA first attempts to connect to the FTP server or CIFS share using anonymous credentials. If those fail, the user is prompted for login credentials. When viewed on its own (outside of a frame), the submission form gives no indication what it is for and is very similar in appearance to the Web VPN's primary login page. If the URL was sent to a user by an attacker, it is very possible that a user would assume that he needs to resubmit credentials to the Web VPN. The ASA would then forward the credentials to the attacker's FTP or CIFS server.

Vendor Response: This vulnerability has been corrected in versions 8.0.4.34, and 8.1.2.25. Updated Cisco ASA software can be downloaded from: http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT

A vendor response will be posted at http://www.cisco.com/security This vulnerability is documented in Cisco Bug ID: CSCsy80709.

CVSS Score: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C Base: 4.3 Temporal: 3.9

Vendor Communication Timeline: 03/31/09 - Cisco notified of vulnerabilities 06/24/09 - Cisco software updates released; Advisory released

Remediation Steps: Install updated software from Cisco.

Revision History: 1.0 Initial publication

About Trustwave: Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations--ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers--manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, China and Australia. For more information, visit https://www.trustwave.com

About Trustwave's SpiderLabs: SpiderLabs is the advance security team at Trustwave responsible for incident response and forensics, ethical hacking and application security tests for Trustwave's clients. SpiderLabs has responded to hundreds of security incidents, performed thousands of ethical hacking exercises and tested the security of hundreds of business applications for Fortune 500 organizations. For more information visit https://www.trustwave.com/spiderlabs

Disclaimer: The information provided in this advisory is provided "as is" without warranty of any kind. Trustwave disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Trustwave or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Trustwave or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability intelligence source on the market.

Implement it through Secunia.

For more information visit: http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com

TITLE: Cisco ASA WebVPN Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA35511

VERIFY ADVISORY: http://secunia.com/advisories/35511/

DESCRIPTION: Some vulnerabilities and a security issue have been reported in Cisco Adaptive Security Appliance (ASA), which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks.

1) Input passed within web pages is not properly sanitised before being used in a call to eval() in context of the VPN web portal. This can be exploited to execute arbitrary HTML and script code in user's browser session in context of the WebVPN. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of the VPN web portal.

3) A security issue exists in the handling of Common Internet File System (CIFS) and FTP shares in the SSL VPN feature. This can be exploited to conduct spoofing attacks and potentially disclose the user's credentials if a user follows a specially crafted link.

The vulnerabilities are reported in versions prior to 8.0.4(34), 8.1.2(25), and 8.2.1(3) that are configured to accept Clientless SSL VPN connections.

SOLUTION: Update to version 8.0.4(34), 8.1.2(25), or 8.2.1(3). http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT

PROVIDED AND/OR DISCOVERED BY: David Byrne, Trustwave's SpiderLabs

ORIGINAL ADVISORY: Cisco: http://tools.cisco.com/security/center/viewAlert.x?alertId=18373 http://tools.cisco.com/security/center/viewAlert.x?alertId=18442 http://tools.cisco.com/security/center/viewAlert.x?alertId=18536

Trustwave: https://www.trustwave.com/spiderlabs/advisories/TWSL2009-002.txt

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200906-0070",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "cisco",
        "version": "8.2.1"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "cisco",
        "version": "8.1.2"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.0\\(4\\)"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "8.0(4)"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0.211"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1(2)19"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1(2)14"
      },
      {
        "model": "adaptive security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.2.13"
      },
      {
        "model": "adaptive security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.1.2.25"
      },
      {
        "model": "adaptive security appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.0.4.34"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "35475"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001871"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1203"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-388"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance:8.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance:8.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance:8.0\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1203"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Byrne  davidribyrne@yahoo.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-388"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-1203",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2009-1203",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "VHN-38649",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-1203",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200906-388",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-38649",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001871"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1203"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-388"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709. Cisco Adaptive Security Appliance (ASA) is prone to a vulnerability that can aid in phishing attacks. \nAn attacker can exploit this issue to display a fake login window that\u0027s visually similar to the device\u0027s login window, which may mislead users. \nThis issue is tracked by Cisco Bug ID CSCsy80709. \nThe attacker can exploit this issue to set up phishing attacks. Successful exploits could aid in further attacks. \nVersions prior to ASA 8.0.4.34 and 8.1.2.25 are vulnerable. Trustwave\u0027s SpiderLabs Security Advisory TWSL2009-002: \nCisco ASA Web VPN Multiple Vulnerabilities\n\nPublished: 2009-06-24 Version: 1.0\n\nVendor: Cisco Systems, Inc. (http://www.cisco.com)\n\nVersions affected: 8.0(4), 8.1.2, and 8.2.1\n\nDescription: Cisco\u0027s Adaptive Security Appliance (ASA)\nprovides a number of security related features, including\n\"Web VPN\" functionality that allows authenticated users to\naccess a variety of content through a web interface. This\nincludes other web content, FTP servers, and CIFS file\nservers. \n\nThe web content is proxied by the ASA and rewritten so that\nany URLs in the web content are passed as query parameters\nsent to the ASA web interface. Where scripting content is\npresent, the ASA places a JavaScript wrapper around the\noriginal webpage\u0027s Document Object Model (DOM), to prevent\nthe webpage from accessing the ASA\u0027s DOM. \n\nCredit: David Byrne of Trustwave\u0027s SpiderLabs\n\n\nFinding 1: Post-Authentication Cross-Site Scripting\nCVE: CVE-2009-1201\nThe ASA\u0027s DOM wrapper can be rewritten in a manner to allow\nCross-Site Scripting (XSS) attacks. For example, the\n\"csco_wrap_js\" JavaScript function in /+CSCOL+/cte.js makes\na call to a function referenced by \"CSCO_WebVPN[\u0027process\u0027]\". \nThe result of this call is then used in an \"eval\" statement. \n\nfunction csco_wrap_js(str)\n{\n   var ret=\"\u003cscript id=CSCO_GHOST src=\"+CSCO_Gateway+\n           \"/+CSCOL+/cte.js\u003e\u003c/scr\"+\n           \"ipt\u003e\u003cscript id=CSCO_GHOST src=\"+\n           CSCO_Gateway+\"/+CSCOE+/apcf\u003e\u003c/sc\"+\"ript\u003e\";\n   var js_mangled=CSCO_WebVPN[\u0027process\u0027](\u0027js\u0027,str);\n   ret+=CSCO_WebVPN[\u0027process\u0027](\u0027html\u0027,eval(js_mangled));\n   return ret;\n};\n\nTo exploit this behavior, a malicious page can rewrite\n\"CSCO_WebVPN[\u0027process\u0027]\" with an attacker-defined function\nthat will return an arbitrary value. The next time the\n\"csco_wrap_js\" function is called, the malicious code will\nbe executed. Below is a proof of concept. \n\n\u003chtml\u003e\u003cscript\u003e\nfunction a(b, c)\n{\n   return \"alert(\u0027Your VPN location:\\\\n\\\\n\u0027+\" +\n   \"document.location+\u0027\\\\n\\\\n\\\\n\\\\n\\\\n\" +\n   \"Your VPN cookie:\\\\n\\\\n\u0027+document.cookie);\";\n}\nCSCO_WebVPN[\u0027process\u0027] = a;\ncsco_wrap_js(\u0027\u0027);\n\u003c/script\u003e\u003c/html\u003e\n\nVendor Response:\nThis vulnerability has been corrected in versions 8.0.4.34,\nand 8.1.2.25. \nUpdated Cisco ASA software can be downloaded from:\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT\n\nA vendor response will be posted at\nhttp://www.cisco.com/security This vulnerability is\ndocumented in Cisco Bug ID:  CSCsy80694. \n\nCVSS Score: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C\nBase: 4.3\nTemporal: 3.9\n\n\nFinding 2: HTML Rewriting Bypass\nCVE: CVE-2009-1202\nWhen a webpage is requested through the ASA\u0027s Web VPN, the\ntargeted scheme and hostname is Rot13-encoded, then\nhex-encoded and placed in the ASA\u0027s URL. For example,\n\"http://www.trustwave.com\" is accessed by requesting the\nfollowing ASA path:\n      \n/+CSCO+0075676763663A2F2F6A6A6A2E67656866676A6E69722E70627A+\n+/\n\nThe HTML content of this request is obviously reformatted by\nthe ASA, starting at the very beginning:\n\n      \u003cscript id=\u0027CSCO_GHOST\u0027 src=\"/+webvpn+/toolbar.js\"\u003e\n\nHowever, if the request URL is modified to change the\ninitial hex value of \"00\" to \"01\", the HTML document is\nreturned without any rewriting. This allows the pages\nscriptable content to run in the ASA\u0027s DOM, making\nCross-Site Scripting trivial. \n\nVendor Response:\nThis vulnerability has been corrected in versions 8.0.4.34,\nand 8.1.2.25. \nUpdated Cisco ASA software can be downloaded from:\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT\n\nA vendor response will be posted at\nhttp://www.cisco.com/security\nThis vulnerability is documented in Cisco Bug ID:\nCSCsy80705. \n\nCVSS Score: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C\nBase: 4.3\nTemporal: 3.9\n\n\nFinding 3: Authentication Credential Theft\nCVE: CVE-2009-1203\nWhen a user accesses an FTP or CIFS destination using the\nWeb VPN, the resulting URL is formatted in a similar manner\nas the web requests described above. The following URL\nattempts to connect to ftp.example.com; normally, it would\nbe in an HTML frame within the Web VPN website. \n\n      \n/+CSCOE+/files/browse.html?code=init\u0026path=ftp%3A%2F%2F736763\n2e726b6e7a6379722e70627a\n\nThe ASA first attempts to connect to the FTP server or CIFS\nshare using anonymous credentials. If those fail, the user\nis prompted for login credentials. When viewed on its own\n(outside of a frame), the submission form gives no\nindication what it is for and is very similar in appearance\nto the Web VPN\u0027s primary login page. If the URL was sent to\na user by an attacker, it is very possible that a user would\nassume that he needs to resubmit credentials to the Web VPN. \nThe ASA would then forward the credentials to the attacker\u0027s\nFTP or CIFS server. \n\nVendor Response:\nThis vulnerability has been corrected in versions 8.0.4.34,\nand 8.1.2.25. \nUpdated Cisco ASA software can be downloaded from:\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT\n\nA vendor response will be posted at\nhttp://www.cisco.com/security\nThis vulnerability is documented in Cisco Bug ID:\nCSCsy80709. \n\nCVSS Score: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C\nBase: 4.3\nTemporal: 3.9\n\n\nVendor Communication Timeline:\n03/31/09 - Cisco notified of vulnerabilities\n06/24/09 - Cisco software updates released; Advisory\n           released\n\nRemediation Steps: Install updated software from Cisco. \n\n\nRevision History: 1.0 Initial publication\n\nAbout Trustwave:\nTrustwave is the leading provider of on-demand and\nsubscription-based information security and payment card\nindustry compliance management solutions to businesses and\ngovernment entities throughout the world. For organizations\nfaced with today\u0027s challenging data security and compliance\nenvironment, Trustwave provides a unique approach with\ncomprehensive solutions that include its flagship\nTrustKeeper compliance management software and other\nproprietary security solutions. Trustwave has helped\nthousands of organizations--ranging from Fortune 500\nbusinesses and large financial institutions to small and\nmedium-sized retailers--manage compliance and secure their\nnetwork infrastructure, data communications and critical\ninformation assets. Trustwave is headquartered in Chicago\nwith offices throughout North America, South America,\nEurope, Africa, China and Australia. For more information,\nvisit https://www.trustwave.com\n\nAbout Trustwave\u0027s SpiderLabs:\nSpiderLabs is the advance security team at Trustwave\nresponsible for incident response and forensics, ethical\nhacking and application security tests for Trustwave\u0027s\nclients. SpiderLabs has responded to hundreds of security\nincidents, performed thousands of ethical hacking exercises\nand tested the security of hundreds of business applications\nfor Fortune 500 organizations. For more information visit\nhttps://www.trustwave.com/spiderlabs\n\nDisclaimer:\nThe information provided in this advisory is provided \"as\nis\" without warranty of any kind. Trustwave disclaims all\nwarranties, either express or implied, including the\nwarranties of merchantability and fitness for a particular\npurpose. In no event shall Trustwave or its suppliers be\nliable for any damages whatsoever including direct,\nindirect, incidental, consequential, loss of business\nprofits or special damages, even if Trustwave or its\nsuppliers have been advised of the possibility of such\ndamages. Some states do not allow the exclusion or\nlimitation of liability for consequential or incidental\ndamages so the foregoing limitation may not apply. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco ASA WebVPN Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA35511\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/35511/\n\nDESCRIPTION:\nSome vulnerabilities and a security issue have been reported in Cisco\nAdaptive Security Appliance (ASA), which can be exploited by malicious\npeople to conduct cross-site scripting and spoofing attacks. \n\n1) Input passed within web pages is not properly sanitised before\nbeing used in a call to eval() in context of the VPN web portal. This\ncan be exploited to execute arbitrary HTML and script code in user\u0027s\nbrowser session in context of the WebVPN. This can be\nexploited to execute arbitrary HTML and script code in a user\u0027s\nbrowser session in context of the VPN web portal. \n\n3) A security issue exists in the handling of Common Internet File\nSystem (CIFS) and FTP shares in the SSL VPN feature. This can be\nexploited to conduct spoofing attacks and potentially disclose the\nuser\u0027s credentials if a user follows a specially crafted link. \n\nThe vulnerabilities are reported in versions prior to 8.0.4(34),\n8.1.2(25), and 8.2.1(3) that are configured to accept Clientless SSL\nVPN connections. \n\nSOLUTION:\nUpdate to version 8.0.4(34), 8.1.2(25), or 8.2.1(3). \nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT\n\nPROVIDED AND/OR DISCOVERED BY:\nDavid Byrne, Trustwave\u0027s SpiderLabs\n\nORIGINAL ADVISORY:\nCisco:\nhttp://tools.cisco.com/security/center/viewAlert.x?alertId=18373\nhttp://tools.cisco.com/security/center/viewAlert.x?alertId=18442\nhttp://tools.cisco.com/security/center/viewAlert.x?alertId=18536\n\nTrustwave:\nhttps://www.trustwave.com/spiderlabs/advisories/TWSL2009-002.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1203"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001871"
      },
      {
        "db": "BID",
        "id": "35475"
      },
      {
        "db": "VULHUB",
        "id": "VHN-38649"
      },
      {
        "db": "PACKETSTORM",
        "id": "78639"
      },
      {
        "db": "PACKETSTORM",
        "id": "78856"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-38649",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38649"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-1203",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "35475",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "35511",
        "trust": 1.2
      },
      {
        "db": "SECTRACK",
        "id": "1022457",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1713",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001871",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20090624 TRUSTWAVE\u0027S SPIDERLABS SECURITY ADVISORY TWSL2009-002",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-388",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-86309",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "33054",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-38649",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "78639",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "78856",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38649"
      },
      {
        "db": "BID",
        "id": "35475"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001871"
      },
      {
        "db": "PACKETSTORM",
        "id": "78639"
      },
      {
        "db": "PACKETSTORM",
        "id": "78856"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1203"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-388"
      }
    ]
  },
  "id": "VAR-200906-0070",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38649"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:30:19.790000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "18536",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=18536"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001871"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001871"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1203"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/35475"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/504516/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1022457"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/35511"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/1713"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1203"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1203"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/504516/100/0/threaded"
      },
      {
        "trust": 0.4,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=18536"
      },
      {
        "trust": 0.4,
        "url": "https://www.trustwave.com/spiderlabs/advisories/twsl2009-002.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/ps6120/index.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/504516"
      },
      {
        "trust": 0.2,
        "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/asapsirt"
      },
      {
        "trust": 0.1,
        "url": "http://www.trustwave.com\""
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1202"
      },
      {
        "trust": 0.1,
        "url": "https://www.trustwave.com/spiderlabs"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1203"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1201"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/security"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com)"
      },
      {
        "trust": 0.1,
        "url": "https://www.trustwave.com"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/35511/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=18442"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=18373"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38649"
      },
      {
        "db": "BID",
        "id": "35475"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001871"
      },
      {
        "db": "PACKETSTORM",
        "id": "78639"
      },
      {
        "db": "PACKETSTORM",
        "id": "78856"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1203"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-388"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-38649"
      },
      {
        "db": "BID",
        "id": "35475"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001871"
      },
      {
        "db": "PACKETSTORM",
        "id": "78639"
      },
      {
        "db": "PACKETSTORM",
        "id": "78856"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1203"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-388"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-06-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-38649"
      },
      {
        "date": "2009-06-24T00:00:00",
        "db": "BID",
        "id": "35475"
      },
      {
        "date": "2009-08-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001871"
      },
      {
        "date": "2009-06-25T00:37:57",
        "db": "PACKETSTORM",
        "id": "78639"
      },
      {
        "date": "2009-07-01T09:39:17",
        "db": "PACKETSTORM",
        "id": "78856"
      },
      {
        "date": "2009-06-25T17:30:00.267000",
        "db": "NVD",
        "id": "CVE-2009-1203"
      },
      {
        "date": "2009-06-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200906-388"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-38649"
      },
      {
        "date": "2009-06-26T13:49:00",
        "db": "BID",
        "id": "35475"
      },
      {
        "date": "2009-08-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001871"
      },
      {
        "date": "2018-10-10T19:35:08.230000",
        "db": "NVD",
        "id": "CVE-2009-1203"
      },
      {
        "date": "2009-06-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200906-388"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-388"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Adaptive Security Appliances (ASA) Device  WebVPN In  WebVPN Vulnerability that makes it easy to send certificates",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001871"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-388"
      }
    ],
    "trust": 0.6
  }
}

CERTA-2009-AVI-260

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités affectant Cisco ASA software permettent à une personne malintentionnée de porter atteinte à la confidentialité des données et d'effectuer une injection de code indirecte.

Description

Plusieurs vulnérabilités ont été découvertes dans Cisco ASA Software :

un manque de restriction à l'accès au Document Object Model (DOM) permet à une personne malintentionnée d'effectuer une injection de code indirecte ;
un manque de contrôle sur le paramètre Rot13-encoded permet à une personne malintentionnée d'effectuer une injection de code indirecte ;
un manque de contrôle et d'alerte lors de l'utilisation de Common Internet File System (CIFS) et des partages FTP permet à une personne malintentionnée de voler les données d'identification d'un utilisateur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco ASA software versions antérieures à la 8.0.4(34) ;
Cisco ASA software versions antérieures à la 8.1.2(25) ;
Cisco ASA software versions antérieures à la 8.2.1(3).

Toutes ces versions sont vulnérables lorsqu'elles sont installées sur les équipements Cisco ASA 5505, 5510, 5520, 5540, 5550 et 5580.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins d'alerte Cisco 18373, 18442 et 18536 du 24 juin 2009	None	vendor-advisory
Bulletin d'alerte Cisco 18536 du 24 juin 2009 :	-	other
Bulletin d'alerte Cisco 18442 du 24 juin 2009 :	-	other
Bulletin d'alerte Cisco 18373 du 24 juin 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eCisco ASA software versions ant\u00e9rieures \u00e0 la 8.0.4(34)    ;\u003c/LI\u003e    \u003cLI\u003eCisco ASA software versions ant\u00e9rieures \u00e0 la 8.1.2(25)    ;\u003c/LI\u003e    \u003cLI\u003eCisco ASA software versions ant\u00e9rieures \u00e0 la 8.2.1(3).\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eToutes ces versions sont vuln\u00e9rables lorsqu\u0027elles sont  install\u00e9es sur les \u00e9quipements Cisco ASA 5505, 5510, 5520, 5540,  5550 et 5580.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco ASA Software :\n\n-   un manque de restriction \u00e0 l\u0027acc\u00e8s au Document Object Model (DOM)\n    permet \u00e0 une personne malintentionn\u00e9e d\u0027effectuer une injection de\n    code indirecte ;\n-   un manque de contr\u00f4le sur le param\u00e8tre Rot13-encoded permet \u00e0 une\n    personne malintentionn\u00e9e d\u0027effectuer une injection de code indirecte\n    ;\n-   un manque de contr\u00f4le et d\u0027alerte lors de l\u0027utilisation de Common\n    Internet File System (CIFS) et des partages FTP permet \u00e0 une\n    personne malintentionn\u00e9e de voler les donn\u00e9es d\u0027identification d\u0027un\n    utilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1202"
    },
    {
      "name": "CVE-2009-1201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1201"
    },
    {
      "name": "CVE-2009-1203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1203"
    }
  ],
  "links": [
    {
      "title": "Bulletin d\u0027alerte Cisco 18536 du 24 juin 2009 :",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18536"
    },
    {
      "title": "Bulletin d\u0027alerte Cisco 18442 du 24 juin 2009 :",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18442"
    },
    {
      "title": "Bulletin d\u0027alerte Cisco 18373 du 24 juin 2009 :",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18373"
    }
  ],
  "reference": "CERTA-2009-AVI-260",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant Cisco ASA software permettent \u00e0 une\npersonne malintentionn\u00e9e de porter atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et d\u0027effectuer une injection de code indirecte.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Adaptive Security Appliance",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins d\u0027alerte Cisco 18373, 18442 et 18536 du 24 juin 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-260

Vulnerability from certfr_avis - Published: - Updated:

Description

Plusieurs vulnérabilités ont été découvertes dans Cisco ASA Software :

un manque de restriction à l'accès au Document Object Model (DOM) permet à une personne malintentionnée d'effectuer une injection de code indirecte ;
un manque de contrôle sur le paramètre Rot13-encoded permet à une personne malintentionnée d'effectuer une injection de code indirecte ;
un manque de contrôle et d'alerte lors de l'utilisation de Common Internet File System (CIFS) et des partages FTP permet à une personne malintentionnée de voler les données d'identification d'un utilisateur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco ASA software versions antérieures à la 8.0.4(34) ;
Cisco ASA software versions antérieures à la 8.1.2(25) ;
Cisco ASA software versions antérieures à la 8.2.1(3).

Toutes ces versions sont vulnérables lorsqu'elles sont installées sur les équipements Cisco ASA 5505, 5510, 5520, 5540, 5550 et 5580.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins d'alerte Cisco 18373, 18442 et 18536 du 24 juin 2009	None	vendor-advisory
Bulletin d'alerte Cisco 18536 du 24 juin 2009 :	-	other
Bulletin d'alerte Cisco 18442 du 24 juin 2009 :	-	other
Bulletin d'alerte Cisco 18373 du 24 juin 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eCisco ASA software versions ant\u00e9rieures \u00e0 la 8.0.4(34)    ;\u003c/LI\u003e    \u003cLI\u003eCisco ASA software versions ant\u00e9rieures \u00e0 la 8.1.2(25)    ;\u003c/LI\u003e    \u003cLI\u003eCisco ASA software versions ant\u00e9rieures \u00e0 la 8.2.1(3).\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eToutes ces versions sont vuln\u00e9rables lorsqu\u0027elles sont  install\u00e9es sur les \u00e9quipements Cisco ASA 5505, 5510, 5520, 5540,  5550 et 5580.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco ASA Software :\n\n-   un manque de restriction \u00e0 l\u0027acc\u00e8s au Document Object Model (DOM)\n    permet \u00e0 une personne malintentionn\u00e9e d\u0027effectuer une injection de\n    code indirecte ;\n-   un manque de contr\u00f4le sur le param\u00e8tre Rot13-encoded permet \u00e0 une\n    personne malintentionn\u00e9e d\u0027effectuer une injection de code indirecte\n    ;\n-   un manque de contr\u00f4le et d\u0027alerte lors de l\u0027utilisation de Common\n    Internet File System (CIFS) et des partages FTP permet \u00e0 une\n    personne malintentionn\u00e9e de voler les donn\u00e9es d\u0027identification d\u0027un\n    utilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1202"
    },
    {
      "name": "CVE-2009-1201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1201"
    },
    {
      "name": "CVE-2009-1203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1203"
    }
  ],
  "links": [
    {
      "title": "Bulletin d\u0027alerte Cisco 18536 du 24 juin 2009 :",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18536"
    },
    {
      "title": "Bulletin d\u0027alerte Cisco 18442 du 24 juin 2009 :",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18442"
    },
    {
      "title": "Bulletin d\u0027alerte Cisco 18373 du 24 juin 2009 :",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18373"
    }
  ],
  "reference": "CERTA-2009-AVI-260",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant Cisco ASA software permettent \u00e0 une\npersonne malintentionn\u00e9e de porter atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et d\u0027effectuer une injection de code indirecte.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Adaptive Security Appliance",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins d\u0027alerte Cisco 18373, 18442 et 18536 du 24 juin 2009",
      "url": null
    }
  ]
}

GHSA-RVXP-PM7Q-GJ4F

Vulnerability from github – Published: 2022-05-02 03:22 – Updated: 2022-05-02 03:22

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1203"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-06-25T17:30:00Z",
    "severity": "MODERATE"
  },
  "details": "WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.",
  "id": "GHSA-rvxp-pm7q-gj4f",
  "modified": "2022-05-02T03:22:43Z",
  "published": "2022-05-02T03:22:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1203"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35511"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/504516/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35475"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022457"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1713"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2009-1203

Vulnerability from fkie_nvd - Published: 2009-06-25 17:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/35511
cve@mitre.org	http://www.securityfocus.com/archive/1/504516/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/35475	Exploit
cve@mitre.org	http://www.securitytracker.com/id?1022457
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1713
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35511
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/504516/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35475	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022457
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1713

Impacted products

Vendor	Product	Version
cisco	adaptive_security_appliance	8.0\(4\)
cisco	adaptive_security_appliance	8.1.2
cisco	adaptive_security_appliance	8.2.1
cisco	adaptive_security_appliance	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance:8.0\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "98CBFBF5-966C-48E8-BAFB-DED4E58098F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "13BC5744-8EB0-4BE3-A743-E95BCD6E2CC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7853F676-A9A4-4980-B698-19C60F4DD71F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D80DB80-F243-469B-993F-E368B092B3C5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709."
    },
    {
      "lang": "es",
      "value": "WebVPN en los dispositivos Cisco Adaptive Security Appliances (ASA) con software 8.0(4), 8.1.2, y 8.2.1 no distingue de manera apropiada su propia pantalla de login de las pantallas de login que produce para servidores (1) FTP and (2) CIFS de terceros, lo que facilita a atacantes remotos enga\u00f1ar a un usuario envi\u00e1ndole credenciales WebVPN para un servidor de su elecci\u00f3n mediante una URL asociada con este servidor, alias Bug ID CSCsy80709."
    }
  ],
  "id": "CVE-2009-1203",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-06-25T17:30:00.267",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35511"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/504516/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/35475"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1022457"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/1713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/504516/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/35475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1713"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-1203 (GCVE-0-2009-1203)

GSD-2009-1203

VAR-200906-0070

CERTA-2009-AVI-260

Description

Solution

CERTA-2009-AVI-260

Description

Solution

GHSA-RVXP-PM7Q-GJ4F

FKIE_CVE-2009-1203

Tags

Sightings

Nomenclature