Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.0
CVE Id: CVE-2009-1203
Last Modified: 04 May 2010 01:42:10
Published: 25 Jun 2009 01:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2009-1203

Summary

WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.

Vulnerable Systems

Application

  • Cisco Adaptive Security Appliance 8.0(4)

  • Cisco Adaptive Security Appliance 8.1.2

  • Cisco Adaptive Security Appliance 8.2.1


References

VUPEN - ADV-2009-1713

SECTRACK - 1022457

BID - 35475

BUGTRAQ - 20090624 Trustwave's SpiderLabs Security Advisory TWSL2009-002

SECUNIA - 35511


Last Updated: 27 May 2016 10:50:29