|
Description
|
|
A vulnerability has been identified in Cisco Secure Desktop, which could be exploited by attackers to execute arbitrary scripting code. This issue is caused by an input validation error when processing POST requests sent to the "translation" script, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected site.
Note : Cisco Secure Desktop is a component of Cisco ASA 5500 Series Adaptive Security Appliances. The vulnerability only exists if this feature has been enabled.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
Cisco Secure Desktop versions prior to 3.5Cisco ASA appliance versions prior to 8.2(1)Cisco ASA appliance versions prior to 8.1(2.7)Cisco ASA appliance versions prior to 8.0(5)
|
|
|
|
|
|
Solution
|
|
Upgrade to Cisco Secure Desktop version 3.5.Upgrade to Cisco ASA 5500 Series Adaptive Security Appliances versions 8.2(1), 8.1(2.7), or 8.0(5).
|
|
|
|
|
|
CVE
|
|
|
|
|
|
|
|
References
|
|
http://tools.cisco.com/security/center/viewAlert.x?alertId=19843
http://www.coresecurity.com/content/cisco-secure-desktop-xss
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
