Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Cisco Secure Desktop Remote XSS Vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cisco Secure Desktop Remote XSS Vulnerability

This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has released patches to address the vulnerability as well as workaround to mitigate this risk. The Cisco alert is available here.

The following versions are vulnerable:

- Cisco Secure Desktop versions prior to 3.5
- Cisco ASA appliances are vulnerable only if the Cisco Secure Desktop feature has been enabled
- Cisco ASA appliance versions prior to 8.2(1), 8.1(2.7), and 8.0(5) are vulnerable


Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org


439 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!