CVE-2009-1201
Cisco ASA Appliance 8.x - WebVPN DOM Wrapper Cross-Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.
Vulnerabilidad de inyección "Eval" en la función csco_wrap_js en /+CSCOL+/cte.js en WebVPN en los dispositivos Cisco Adaptive Security Appliances (ASA) con software 8.0(4), 8.1.2, y 8.2.1, permite a atacantes remotos eludir un envoltorio (wrapper) DOM y realizar ataques de secuencias de comandos en sitios cruzados (XSS) configurando el valor CSCO_WebVPN['process'] con el nombre de la función modificada, alias Bug ID CSCsy80694.
The Cisco ASA Web VPN versions 8.0(4), 8.1.2, and 8.2.1 suffer from cross site scripting, credential theft, and html rewriting bypass vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-03-31 CVE Reserved
- 2009-05-24 First Exploit
- 2009-06-25 CVE Published
- 2023-09-28 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/35511 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/504516/100/0/threaded | Mailing List | |
http://www.securitytracker.com/id?1022457 | Vdb Entry | |
http://www.vupen.com/english/advisories/2009/1713 | Vdb Entry | |
https://www.trustwave.com/spiderlabs/advisories/TWSL2009-002.txt | X_refsource_misc |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/33055 | 2009-05-24 | |
http://www.securityfocus.com/bid/35476 | 2024-08-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Adaptive Security Appliance Search vendor "Cisco" for product "Adaptive Security Appliance" | 8.0\(4\) Search vendor "Cisco" for product "Adaptive Security Appliance" and version "8.0\(4\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Adaptive Security Appliance Search vendor "Cisco" for product "Adaptive Security Appliance" | * | - |
Affected
|
Cisco Search vendor "Cisco" | Adaptive Security Appliance Search vendor "Cisco" for product "Adaptive Security Appliance" | 8.1.2 Search vendor "Cisco" for product "Adaptive Security Appliance" and version "8.1.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Adaptive Security Appliance Search vendor "Cisco" for product "Adaptive Security Appliance" | * | - |
Affected
|
Cisco Search vendor "Cisco" | Adaptive Security Appliance Search vendor "Cisco" for product "Adaptive Security Appliance" | 8.2.1 Search vendor "Cisco" for product "Adaptive Security Appliance" and version "8.2.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Adaptive Security Appliance Search vendor "Cisco" for product "Adaptive Security Appliance" | * | - |
Affected
|