Buy or Renew
Buy or Renew
Cisco Community present at Cisco Live EMEA 2023. See you in Amsterdam! Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
515
Views
0
Helpful
2
Replies

Webvpn Login Page Cross-Site Scripting Vulerability

RICARDO SANCHEZ
Beginner
Beginner

‎04-03-2014 11:04 AM

Hi This is a question about this vulnerability "Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability", I have Anyconnect and Webvpn enable on an interface, the running version is 8.4.4 and 8.4.5, the associated bug at this vulnerability is CSCun19025 "ASA WebVPN login page XSS vulnerability" webvpn enable outside anyconnect enable tunnel-group-list enable certificate-group-map Cert_Map_1 10 Employee_Backup_Group What could be the recommended action to take? Thanks for your help Regards

Labels:
0 Helpful
2 Replies 2

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

‎04-03-2014 11:52 AM

Since there is no technical workaround available from Cisco (according to the BugSearch tool as of 3 April 2014), you will have to rely on mitigating the risk through user education. (The fixed releases noted are all Cisco internal - it looks like the upcoming 9.2 will include a fix but it may be several months before it is released.)

Since the PSIRT indicates the vulnerability is exploited by "convincing a user to access a malicious link", remind you users not to access unknown links - especially not while connected to your WebVPN.

0 Helpful

RICARDO SANCHEZ
Beginner
Beginner
In response to Marvin Rhoads

‎04-03-2014 12:04 PM

Hi Marvin

Thank for the information, what if I decided to upgrade, its is possible to upgrade from 8.4 to 9.1.5 ?, this because the bug said that prior to 8.4.7 and 9.1.4 could be affected, or what could be the best version to fix the bug?

 

Thanks

 

Regards

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents