Cisco VPN3K/ASA WebVPN Clientless Mode Cross-Site Scripting Vulnerability

Cisco VPN 3000 Series Concentrators and ASA 5500 Series Adaptive Security Appliances (ASA) are prone to cross-site scripting attacks via the WebVPN Clientless Mode.

The issue is due to insufficient sanitization of HTML and script code from error messages that are displayed to users. This vulnerability could result in the execution of attacker-supplied HTML and script code in the session of a victim user. In the worst-case scenario, the attacker could gain unauthorized access to the VPN by stealing the WebVPN session cookie.

Cisco tracks this issue as Bug IDs CSCsd81095 and CSCse48193.

Update: Cisco states that WebVPN full-network-access mode is not affected by this issue.


Privacy Statement
Copyright 2010, SecurityFocus