cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
127
Views
0
Helpful
0
Replies

Exploitable Cisco Secure Desktop presence on updated ASA

c3444
Level 1
Level 1

Hi

We have ran into an issue about Cisco Secure Desktop presence in the system.

By running the 

ciscoasa# show webvpn csd
^
ERROR: % Invalid input detected at '^' marker.

we are getting error as the Cisco Secure Desktop (CSD) software is not present.

However the Cisco Secure Desktop software is present within the supported/security patched ASA 9.17.x-9.19.x web interface if  the hostscan in enabled:

https://vpnsite.com/CACHE/sdesktop/install/start.htm

c3444_0-1731404687223.png

According to official announcement by Cisco, the Secure Desktop is EoL:

https://www.cisco.com/c/en/us/obsolete/security/cisco-secure-desktop.html

As we don't detect the CSD service from ASA cli. The web application still shows the presence of CSD software. The CSD is discontinued in 2014 and has many vulnerabilities without patch.

Is the CSD still actually running and is the ASA with current setup still vulnerable for CSD vulnerabilities?

0 Replies 0