Vulnerability announcement: CVE-2009-1201, CVE-2009-1202, CVE-2009-1203
Cisco ASA: vulnerabilities of the Web VPN
Synthesis of the vulnerability
An attacker can use three vulnerabilities in the Web VPN of Cisco ASA to execute JavaScript code or to obtain authentication credentials.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Means of attack: no proof of concept, no attack.
Ability of attacker: expert (4/4).
Confidence: confirmed by the editor (5/5).
Diffusion of the vulnerable configuration: high (3/3).
Number of vulnerabilities in this bulletin: 3.
Creation date: 24/06/2009.
Impacted products
Description of the vulnerability
Three vulnerabilities were announced in Cisco ASA Web VPN, Clientless SSL VPN.
An attacker can create an HTML page containing a function stored in the CSCO_WebVPN['process'] variable. The csco_wrap_js() JavaScript function then calls the attacker's function, and its code runs in the context of the web proxy. [severity:2/4; 18373, BID-35476, CSCsy80694, CVE-2009-1201]
The proxy changes URLs using a ROT13 encoding. However, if a script changes the first byte, the returned page is not rewritten, and the JavaScript code it contains is thus executed in the context of the proxy. [severity:2/4; 18442, BID-35480, CSCsy80705, CVE-2009-1202]
An HTML page can contain a link to an FTP or CIFS site requesting authentication. When the victim clicks on this link, a dialog box appears. However, this window is similar to the proxy authentication window, which can deceive the victim and lead him to enter his proxy login and password. [severity:2/4; 18536, BID-35475, CSCsy80709, CVE-2009-1203]
Characteristics
Title: Cisco ASA: vulnerabilities of the Web VPN
Identifiers: 18373, 18442, 18536, BID-35474, BID-35475, BID-35476, BID-35480, CSCsy80694, CSCsy80705, CSCsy80709, CVE-2009-1201, CVE-2009-1202, CVE-2009-1203, TWSL2009-002, VIGILANCE-VUL-8822.
Url: https://vigilance.fr/tree/1/8822
Information sources
Solutions for this vulnerability
Supplements
Vulnerability: CVE-2009-1201
An attacker can create an HTML page containing a function stored in the CSCO_WebVPN['process'] variable. The csco_wrap_js() JavaScript function then calls the attacker's function, and its code runs in the context of the web proxy.
Severity: 2/4.
Identifiers: 18373, BID-35476, CSCsy80694, CVE-2009-1201.
Vulnerability: CVE-2009-1202
The proxy changes URLs using a ROT13 encoding. However, if a script changes the first byte, the returned page is not rewritten, and the JavaScript code it contains is thus executed in the context of the proxy.
Severity: 2/4.
Identifiers: 18442, BID-35480, CSCsy80705, CVE-2009-1202.
Vulnerability: CVE-2009-1203
An HTML page can contain a link to an FTP or CIFS site requesting authentication. When the victim clicks on this link, a dialog box appears. However, this window is similar to the proxy authentication window, which can deceive the victim and lead him to enter his proxy login and password.
Severity: 2/4.
Identifiers: 18536, BID-35475, CSCsy80709, CVE-2009-1203.