cbcvebase.
CVE-2009-1203
published 2009-06-25

CVE-2009-1203: WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from…

PriorityP336medium6CVSS 2.0
AVNACMAuSCPIPAP
EXPLOIT
EPSS
3.78%
88.6th percentile
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.

Affected

3 ranges
VendorProductVersion rangeFixed in
ciscoadaptive_security_appliance
ciscoadaptive_security_appliance
ciscoadaptive_security_appliance

CVSS provenance

nvdv2.06.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
vendor_cisco6.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.