
SANS ISC: InfoSec Handlers Diary Blog



Cisco Secure Desktop Remote XSS Vulnerability

Published: 2010-02-02
Last Updated: 2010-02-02 23:58:13 UTC
by Guy Bruneau (Version: 1)

This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has released patches to address the vulnerability, as well as a workaround to mitigate the risk. The Cisco alert is available here.

The following versions are vulnerable:

- Cisco Secure Desktop versions prior to 3.5
- Cisco ASA appliances are vulnerable only if the Cisco Secure Desktop feature has been enabled
- Cisco ASA appliance versions prior to 8.2(1), 8.1(2.7), and 8.0(5) are vulnerable


-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org
