WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-06-25T17:00:00
Updated: 2024-08-07T05:04:48.991Z
Reserved: 2009-03-31T00:00:00
Link: CVE-2009-1203
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-06-25T17:30:00.267
Modified: 2018-10-10T19:35:08.230
Link: CVE-2009-1203
Redhat
No data.