This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has released patches to address the vulnerability as well as workaround to mitigate this risk. The Cisco alert is available here.
The following versions are vulnerable:
- Cisco Secure Desktop versions prior to 3.5
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org
Feb 2nd 2010
1 decade ago