CISCO : Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability (cisco-sa-20141008-asa)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.105986

Categoría: CISCO

Título: Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability (cisco-sa-20141008-asa)

Resumen: A vulnerability in the Clientless SSL VPN portal customization; framework could allow an unauthenticated, remote attacker to modify the content of the Clientless; SSL VPN portal, which could lead to several attacks including the stealing of credentials,; cross-site scripting (XSS), and other types of web attacks on the client using the affected; system.

Descripción: Summary:
A vulnerability in the Clientless SSL VPN portal customization
framework could allow an unauthenticated, remote attacker to modify the content of the Clientless
SSL VPN portal, which could lead to several attacks including the stealing of credentials,
cross-site scripting (XSS), and other types of web attacks on the client using the affected
system.

Vulnerability Insight:
The vulnerability is due to an improper implementation of
authentication checks in the Clientless SSL VPN portal customization framework. An
unauthenticated, remote attacker could exploit this vulnerability by modifying some of the
customization objects in the RAMFS cache file system.

Vulnerability Impact:
An exploit could allow the attacker to bypass Clientless SSL VPN
authentication and modify the portal content. If successful, the attacker could conduct web-based
attacks against a client using the affected software, which could be used to access sensitive
information.

Affected Software/OS:
Cisco ASA version 8.2, 8.3, 8.4, 8.6, 9.0, 9.1 and 9.2.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-3393
Cisco Security Advisory: 20141008 Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

Copyright Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.105986
Categoría:	CISCO
Título:	Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability (cisco-sa-20141008-asa)
Resumen:	A vulnerability in the Clientless SSL VPN portal customization; framework could allow an unauthenticated, remote attacker to modify the content of the Clientless; SSL VPN portal, which could lead to several attacks including the stealing of credentials,; cross-site scripting (XSS), and other types of web attacks on the client using the affected; system.
Descripción:	Summary: A vulnerability in the Clientless SSL VPN portal customization framework could allow an unauthenticated, remote attacker to modify the content of the Clientless SSL VPN portal, which could lead to several attacks including the stealing of credentials, cross-site scripting (XSS), and other types of web attacks on the client using the affected system. Vulnerability Insight: The vulnerability is due to an improper implementation of authentication checks in the Clientless SSL VPN portal customization framework. An unauthenticated, remote attacker could exploit this vulnerability by modifying some of the customization objects in the RAMFS cache file system. Vulnerability Impact: An exploit could allow the attacker to bypass Clientless SSL VPN authentication and modify the portal content. If successful, the attacker could conduct web-based attacks against a client using the affected software, which could be used to access sensitive information. Affected Software/OS: Cisco ASA version 8.2, 8.3, 8.4, 8.6, 9.0, 9.1 and 9.2. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3393 Cisco Security Advisory: 20141008 Multiple Vulnerabilities in Cisco ASA Software http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa
Copyright	Copyright (C) 2015 Greenbone Networks GmbH