Vulnerability Description
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Adaptive Security Appliance | 8.0\(4\) |
References
- http://secunia.com/advisories/35511
- http://www.securityfocus.com/archive/1/504516/100/0/threaded
- http://www.securityfocus.com/bid/35475Exploit
- http://www.securitytracker.com/id?1022457
- http://www.vupen.com/english/advisories/2009/1713
- http://secunia.com/advisories/35511
- http://www.securityfocus.com/archive/1/504516/100/0/threaded
- http://www.securityfocus.com/bid/35475Exploit
- http://www.securitytracker.com/id?1022457
- http://www.vupen.com/english/advisories/2009/1713
FAQ
What is CVE-2009-1203?
CVE-2009-1203 is a vulnerability with a CVSS score of 6.0 (MEDIUM). WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-par...
How severe is CVE-2009-1203?
CVE-2009-1203 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1203?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Adaptive Security Appliance.