Short Name | HTTP:CISCO:ASA-VPN-SEC-BYPASS
Severity | Major
Recommended | Yes
Recommended Action | Drop
Category | HTTP
Keywords | Cisco ASA SSL WebVPN Security Bypass
Release Date | 2015/07/20
Update Number | 2517
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
HTTP: Cisco ASA SSL WebVPN Security Bypass
This signature detects attempts to exploit a known vulnerability in Cisco ASA SSL WebVPN. Attackers can bypass authentication, which could lead to further attacks.
Extended Description
The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829.
Affected Products
- Cisco adaptive_security_appliance_software 8.2.0.45
- Cisco adaptive_security_appliance_software 8.2.1
- Cisco adaptive_security_appliance_software 8.2.1.1
- Cisco adaptive_security_appliance_software 8.2.2
- Cisco adaptive_security_appliance_software 8.2.2.10
- Cisco adaptive_security_appliance_software 8.2.2.12
- Cisco adaptive_security_appliance_software 8.2.2.16
- Cisco adaptive_security_appliance_software 8.2.2.17
- Cisco adaptive_security_appliance_software 8.2.3
- Cisco adaptive_security_appliance_software 8.2.4
- Cisco adaptive_security_appliance_software 8.2.4.1
- Cisco adaptive_security_appliance_software 8.2.4.4
- Cisco adaptive_security_appliance_software 8.2.5
- Cisco adaptive_security_appliance_software 8.2.5.13
- Cisco adaptive_security_appliance_software 8.2.5.22
- Cisco adaptive_security_appliance_software 8.2.5.26
- Cisco adaptive_security_appliance_software 8.2.5.33
- Cisco adaptive_security_appliance_software 8.2.5.40
- Cisco adaptive_security_appliance_software 8.2.5.41
- Cisco adaptive_security_appliance_software 8.2.5.46
- Cisco adaptive_security_appliance_software 8.2.5.48
- Cisco adaptive_security_appliance_software 8.2.5.50
- Cisco adaptive_security_appliance_software 8.3.1
- Cisco adaptive_security_appliance_software 8.3.1.1
- Cisco adaptive_security_appliance_software 8.3.1.4
- Cisco adaptive_security_appliance_software 8.3.1.6
- Cisco adaptive_security_appliance_software 8.3.2
- Cisco adaptive_security_appliance_software 8.3.2.13
- Cisco adaptive_security_appliance_software 8.3.2.23
- Cisco adaptive_security_appliance_software 8.3.2.25
- Cisco adaptive_security_appliance_software 8.3.2.31
- Cisco adaptive_security_appliance_software 8.3.2.33
- Cisco adaptive_security_appliance_software 8.3.2.34
- Cisco adaptive_security_appliance_software 8.3.2.37
- Cisco adaptive_security_appliance_software 8.3.2.39
- Cisco adaptive_security_appliance_software 8.3.2.4
- Cisco adaptive_security_appliance_software 8.3.2.40
- Cisco adaptive_security_appliance_software 8.3.2.41
- Cisco adaptive_security_appliance_software 8.4.1
- Cisco adaptive_security_appliance_software 8.4.1.11
- Cisco adaptive_security_appliance_software 8.4.1.3
- Cisco adaptive_security_appliance_software 8.4.2
- Cisco adaptive_security_appliance_software 8.4.2.1
- Cisco adaptive_security_appliance_software 8.4.2.8
- Cisco adaptive_security_appliance_software 8.4.3
- Cisco adaptive_security_appliance_software 8.4.3.8
- Cisco adaptive_security_appliance_software 8.4.3.9
- Cisco adaptive_security_appliance_software 8.4.4
- Cisco adaptive_security_appliance_software 8.4.4.1
- Cisco adaptive_security_appliance_software 8.4.4.3
- Cisco adaptive_security_appliance_software 8.4.4.5
- Cisco adaptive_security_appliance_software 8.4.4.9
- Cisco adaptive_security_appliance_software 8.4.5
- Cisco adaptive_security_appliance_software 8.4.5.6
- Cisco adaptive_security_appliance_software 8.4.6
- Cisco adaptive_security_appliance_software 8.4.7
- Cisco adaptive_security_appliance_software 8.4.7.15
- Cisco adaptive_security_appliance_software 8.4.7.22
- Cisco adaptive_security_appliance_software 8.4.7.3
- Cisco adaptive_security_appliance_software 8.6.1
- Cisco adaptive_security_appliance_software 8.6.1.1
- Cisco adaptive_security_appliance_software 8.6.1.10
- Cisco adaptive_security_appliance_software 8.6.1.12
- Cisco adaptive_security_appliance_software 8.6.1.13
- Cisco adaptive_security_appliance_software 8.6.1.14
- Cisco adaptive_security_appliance_software 8.6.1.2
- Cisco adaptive_security_appliance_software 8.6.1.5
- Cisco adaptive_security_appliance_software 9.0.1
- Cisco adaptive_security_appliance_software 9.0.2
- Cisco adaptive_security_appliance_software 9.0.2.10
- Cisco adaptive_security_appliance_software 9.0.3
- Cisco adaptive_security_appliance_software 9.0.3.6
- Cisco adaptive_security_appliance_software 9.0.3.8
- Cisco adaptive_security_appliance_software 9.0.4
- Cisco adaptive_security_appliance_software 9.0.4.1
- Cisco adaptive_security_appliance_software 9.0.4.17
- Cisco adaptive_security_appliance_software 9.0.4.20
- Cisco adaptive_security_appliance_software 9.0.4.5
- Cisco adaptive_security_appliance_software 9.0.4.7
- Cisco adaptive_security_appliance_software 9.1.1
- Cisco adaptive_security_appliance_software 9.1.1.4
- Cisco adaptive_security_appliance_software 9.1.2
- Cisco adaptive_security_appliance_software 9.1.2.8
- Cisco adaptive_security_appliance_software 9.1.3
- Cisco adaptive_security_appliance_software 9.1.3.2
- Cisco adaptive_security_appliance_software 9.1.4
- Cisco adaptive_security_appliance_software 9.1.5
- Cisco adaptive_security_appliance_software 9.1.5.10
- Cisco adaptive_security_appliance_software 9.1.5.15
- Cisco adaptive_security_appliance_software 9.3.1
References