Last Updated: 2010-02-02 23:58:13 UTC
by Guy Bruneau (Version: 1)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has released patches to address the vulnerability as well as workaround to mitigate this risk. The Cisco alert is available here.
The following versions are vulnerable:
- Cisco Secure Desktop versions prior to 3.5
- Cisco ASA appliances are vulnerable only if the Cisco Secure Desktop feature has been enabled
- Cisco ASA appliance versions prior to 8.2(1), 8.1(2.7), and 8.0(5) are vulnerable
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org