WebVPN Login Page Cross-Site Scripting Vulnerability

RICARDO SANCHEZ
Level 1

Hi,

This is a question about the vulnerability "Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability". I have AnyConnect and WebVPN enabled on an interface, the running versions are 8.4.4 and 8.4.5, and the associated bug for this vulnerability is CSCun19025, "ASA WebVPN login page XSS vulnerability".

webvpn
 enable outside
 anyconnect enable
 tunnel-group-list enable
 certificate-group-map Cert_Map_1 10 Employee_Backup_Group

What could be the recommended action to take?

Thanks for your help.

Regards

2 Replies

Marvin Rhoads
Hall of Fame

Since there is no technical workaround available from Cisco (according to the BugSearch tool as of 3 April 2014), you will have to rely on mitigating the risk through user education. (The fixed releases noted are all Cisco internal - it looks like the upcoming 9.2 will include a fix but it may be several months before it is released.)

Since the PSIRT indicates the vulnerability is exploited by "convincing a user to access a malicious link", remind your users not to access unknown links - especially not while connected to your WebVPN.

Hi Marvin

Thanks for the information. What if I decide to upgrade: is it possible to upgrade from 8.4 to 9.1.5? This is because the bug said that versions prior to 8.4.7 and 9.1.4 could be affected. Or what could be the best version to fix the bug?

 

Thanks

 

Regards