The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 prior to 8.2(5.51), 8.3 prior to 8.3(2.42), 8.4 prior to 8.4(7.23), 8.6 prior to 8.6(1.14), 9.0 prior to 9.0(4.24), 9.1 prior to 9.1(5.12), and 9.2 prior to 9.2(2.4) does not properly implement authentication, which allows remote malicious users to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco adaptive security appliance software 9.1.1.4 |
||
cisco adaptive security appliance software 9.1.4 |
||
cisco adaptive security appliance software 8.6.1.12 |
||
cisco adaptive security appliance software 9.1.3 |
||
cisco adaptive security appliance software 9.1.2 |
||
cisco adaptive security appliance software 9.2.3 |
||
cisco adaptive security appliance software 9.1.1 |
||
cisco adaptive security appliance software 9.1.2.8 |
||
cisco adaptive security appliance software 9.1.5.15 |
||
cisco adaptive security appliance software 9.1.5.10 |
||
cisco adaptive security appliance software 9.2.1 |
||
cisco adaptive security appliance software 9.1.5 |
||
cisco adaptive security appliance software 9.2.2.4 |
||
cisco adaptive security appliance software 9.1.5.12 |
||
cisco adaptive security appliance software 9.1.3.2 |
||
cisco adaptive security appliance software 9.2.2 |
||
cisco adaptive security appliance software 9.2.0 |
||
cisco adaptive security appliance software 8.3.2.40 |
||
cisco adaptive security appliance software 8.3.1 |
||
cisco adaptive security appliance software 8.2.2 |
||
cisco adaptive security appliance software 8.3.1.1 |
||
cisco adaptive security appliance software 8.3.1.6 |
||
cisco adaptive security appliance software 8.2.5.40 |
||
cisco adaptive security appliance software 8.2.1 |
||
cisco adaptive security appliance software 8.2.2.12 |
||
cisco adaptive security appliance software 8.2.5.22 |
||
cisco adaptive security appliance software 8.2.5.33 |
||
cisco adaptive security appliance software 8.2.5.41 |
||
cisco adaptive security appliance software 8.2.4.4 |
||
cisco adaptive security appliance software 8.2.2.10 |
||
cisco adaptive security appliance software 8.3.2.37 |
||
cisco adaptive security appliance software 8.3.2.39 |
||
cisco adaptive security appliance software 8.2.5.26 |
||
cisco adaptive security appliance software 8.3.2 |
||
cisco adaptive security appliance software 8.3.2.33 |
||
cisco adaptive security appliance software 8.2.4 |
||
cisco adaptive security appliance software 8.3.2.41 |
||
cisco adaptive security appliance software 8.2.4.1 |
||
cisco adaptive security appliance software 8.2.3 |
||
cisco adaptive security appliance software 8.3.1.4 |
||
cisco adaptive security appliance software 8.3.2.34 |
||
cisco adaptive security appliance software 8.2.5.50 |
||
cisco adaptive security appliance software 8.2.5 |
||
cisco adaptive security appliance software 8.3.2.13 |
||
cisco adaptive security appliance software 8.2.5.13 |
||
cisco adaptive security appliance software 8.3.2.23 |
||
cisco adaptive security appliance software 8.3.2.31 |
||
cisco adaptive security appliance software 8.3.2.4 |
||
cisco adaptive security appliance software 8.2 |
||
cisco adaptive security appliance software 8.2.2.17 |
||
cisco adaptive security appliance software 8.2.1.1 |
||
cisco adaptive security appliance software 8.2.2.16 |
||
cisco adaptive security appliance software 8.3.2.25 |
||
cisco adaptive security appliance software 8.2.5.46 |
||
cisco adaptive security appliance software 8.2.5.48 |
||
cisco adaptive security appliance software 8.2.0.45 |
||
cisco adaptive security appliance software 8.3 |
||
cisco adaptive security appliance software 8.4.3 |
||
cisco adaptive security appliance software 8.4.4.9 |
||
cisco adaptive security appliance software 8.4.4 |
||
cisco adaptive security appliance software 8.4.1.3 |
||
cisco adaptive security appliance software 8.4.1.11 |
||
cisco adaptive security appliance software 8.4.7.22 |
||
cisco adaptive security appliance software 8.4.2.1 |
||
cisco adaptive security appliance software 8.4.4.1 |
||
cisco adaptive security appliance software 8.4.7 |
||
cisco adaptive security appliance software 8.4.5 |
||
cisco adaptive security appliance software 8.4.7.15 |
||
cisco adaptive security appliance software 8.4.4.5 |
||
cisco adaptive security appliance software 8.4.3.8 |
||
cisco adaptive security appliance software 8.4.3.9 |
||
cisco adaptive security appliance software 8.4.6 |
||
cisco adaptive security appliance software 8.4.5.6 |
||
cisco adaptive security appliance software 8.4.7.3 |
||
cisco adaptive security appliance software 8.4.4.3 |
||
cisco adaptive security appliance software 8.4.2.8 |
||
cisco adaptive security appliance software 8.4.1 |
||
cisco adaptive security appliance software 8.4 |
||
cisco adaptive security appliance software 8.4.2 |
||
cisco adaptive security appliance software 8.6.1 |
||
cisco adaptive security appliance software 8.6.1.13 |
||
cisco adaptive security appliance software 8.6.1.2 |
||
cisco adaptive security appliance software 8.6.1.14 |
||
cisco adaptive security appliance software 8.6.1.10 |
||
cisco adaptive security appliance software 8.6.1.1 |
||
cisco adaptive security appliance software 8.6.1.5 |
||
cisco adaptive security appliance software 8.6 |
||
cisco adaptive security appliance software 9.0.4 |
||
cisco adaptive security appliance software 9.0.4.5 |
||
cisco adaptive security appliance software 9.0.4.7 |
||
cisco adaptive security appliance software 9.0.3.8 |
||
cisco adaptive security appliance software 9.0.4.17 |
||
cisco adaptive security appliance software 9.0.3.6 |
||
cisco adaptive security appliance software 9.0.2.10 |
||
cisco adaptive security appliance software 9.0 |
||
cisco adaptive security appliance software 9.0.1 |
||
cisco adaptive security appliance software 9.0.4.24 |
||
cisco adaptive security appliance software 9.0.2 |
||
cisco adaptive security appliance software 9.0.4.20 |
||
cisco adaptive security appliance software 9.0.3 |
||
cisco adaptive security appliance software 9.0.4.1 |
||
cisco adaptive security appliance software 9.1 |
Customise tool makes screwy GUIs
Crackers are popping customised Cisco virtual private networks, stealing credentials and spraying malware using a flaw reported by Aussie hacker Alec Stuart-Muirk, the company warns. Organisations running the Cisco Clientless SSL VPN portal in customised configurations risk attack if they do not update to versions released 8 October. It's not users' fault their custom rigs are in trouble: Cisco says the flaw (CVE-2014-3393) appeared thanks to improper implementation of authentication checks in t...