Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Cisco Secure Desktop Remote XSS Vulnerability SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cisco Secure Desktop Remote XSS Vulnerability

This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has released patches to address the vulnerability as well as workaround to mitigate this risk. The Cisco alert is available here.

The following versions are vulnerable:

- Cisco Secure Desktop versions prior to 3.5
- Cisco ASA appliances are vulnerable only if the Cisco Secure Desktop feature has been enabled
- Cisco ASA appliance versions prior to 8.2(1), 8.1(2.7), and 8.0(5) are vulnerable


-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Guy

482 Posts
ISC Handler
Feb 2nd 2010

Sign Up for Free or Log In to start participating in the conversation!