vendor:
Cisco ASA <= 8.x VPN SSL module
by:
David Eduardo Acosta Rodriguez
N/A
CVSS
N/A
Cisco ASA <= 8.x VPN SSL module Clientless URL-list control bypass
N/A
CWE
Product Name: Cisco ASA <= 8.x VPN SSL module
Affected Version From: Cisco ASA <= 8.x
Affected Version To: Cisco ASA <= 8.x
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Cisco ASA <= 8.x VPN SSL module Clientless URL-list control bypass
Cisco VPN SSL Clientless lets administrators define rules to specific targets within the private network that WebVPN users will be able to access. This specific targets are published using links in VPN SSL home page. These links (URL) are protected (obfuscated) using a ROT13 substitution and converting ASCII characters to hexadecimal. An user with a valid account and without “URL entry” can access any internal/external resource simply taken an URL, encrypt with ROT 13, convert ASCII characters to hexadecimal and appending this string to Cisco VPN SSL URL.
Mitigation:
Upgrade to Cisco ASA 8.3.1 or later.