header-logo
Suggest Exploit
vendor:
Adaptive Security Appliance
by:
SecurityFocus
7.8
CVSS
HIGH
Phishing Attack
601
CWE
Product Name: Adaptive Security Appliance
Affected Version From: Prior to ASA 8.0.4.34 and 8.1.2.25
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: h:cisco:adaptive_security_appliance
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Cisco Adaptive Security Appliance (ASA) Phishing Vulnerability

An attacker can exploit this issue to display a fake login window that's visually similar to the device's login window, which may mislead users. This issue is tracked by Cisco Bug ID CSCsy80709. The attacker can exploit this issue to set up phishing attacks. Successful exploits could aid in further attacks.

Mitigation:

Upgrade to ASA 8.0.4.34 and 8.1.2.25 or later
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/35475/info

Cisco Adaptive Security Appliance (ASA) is prone to a vulnerability that can aid in phishing attacks.

An attacker can exploit this issue to display a fake login window that's visually similar to the device's login window, which may mislead users.

This issue is tracked by Cisco Bug ID CSCsy80709.

The attacker can exploit this issue to set up phishing attacks. Successful exploits could aid in further attacks.

Versions prior to ASA 8.0.4.34 and 8.1.2.25 are vulnerable.


The following example is available:

/+CSCOE+/files/browse.html?code=init&path=ftp%3A%2F%2F7367632e726b6e7a6379722e70627a