CVE-2009-1203
Published 2009-06-25
Priority P3 · 36 · medium · CVSS 2.0: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 3.78% (88.6th percentile)
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | adaptive_security_appliance | — | — |
| cisco | adaptive_security_appliance | — | — |
| cisco | adaptive_security_appliance | — | — |
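CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
| vendor_cisco | — | 6.0 | MEDIUM | — |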
Cisco
Cisco ASA Adaptive Security Appliance Clientless SSL VPN CIFS and FTP Credential Theft Vulnerability
vendor_cisco·2009-06-24·CVSS 6.0
CVE-2009-1203 [MEDIUM] Cisco ASA Adaptive Security Appliance Clientless SSL VPN CIFS and FTP Credential Theft Vulnerability
Cisco ASA Adaptive Security Appliance Software versions prior to 8.0.4(34), 8.1.2(25), and 8.2.1(3) that have been configured to accept Clientless SSL VPN connections contain a vulnerability that could allow an unauthenticated, remote attacker to steal user account credentials. Versions 7.x are not affected.
The vulnerability is due to insufficient warnings and restrictions when the software is using Common Internet File System (CIFS) and FTP shares in the SSL VPN feature. If an unauthenticated, remote attacker can convince a user to visit a malicious CIFS or FTP site while the user is logged in to the secure portal, the attacker could use this vulnerability as part of a phishing or spoofi
GHSA
GHSA-rvxp-pm7q-gj4f: WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8
ghsa_unreviewed·2022-05-02
CVE-2009-1203 [MEDIUM] GHSA-rvxp-pm7q-gj4f: WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8
Suricata
ET WEB_SERVER Possible Cisco Adaptive Security Appliance Web VPN FTP or CIFS Authentication Form Phishing Attempt
suricata·2010-07-30
CVE-2009-1203 ET WEB_SERVER Possible Cisco Adaptive Security Appliance Web VPN FTP or CIFS Authentication Form Phishing Attempt
Rule:
```
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER Possible Cisco Adaptive Security Appliance Web VPN FTP or CIFS Authentication Form Phishing Attempt"; flow:established,to_server; http.uri; content:"+CSCOE+/files/browse.html"; nocase; fast_pattern; content:"code=init"; nocase; distance:0; content:"path=ftp"; nocase; distance:0; reference:url,www.securityfocus.com/bid/35475/info; reference:cve,2009-1203; classtype:attempted-user; sid:2010457; rev:9; metadata:attack_target Client_Endpoint, created_at 2010_07_30, cve CVE_2009_1203, deployment Perimeter, confidence Medium, signature_severity Major, tag Phishing, updated_at 2020_11_07;)
```
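
For retrospective hunting where only web access logs are available, the rule's URI logic can be replayed offline. The following is an added example, not part of the rule set or of Cisco's advisory; it assumes Common Log Format lines, approximates the normalized `http.uri` buffer with one round of percent-decoding, and uses constructed sample log lines.

```python
import re
from urllib.parse import unquote

# Content matches of sid:2010457, in the order the rule chains them.
RULE_CONTENTS = ("+CSCOE+/files/browse.html", "code=init", "path=ftp")

# Assumption: Common Log Format lines with the request line in double quotes.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def uri_matches_rule(uri):
    """True if every content occurs, case-insensitively (nocase), after the
    end of the previous match (distance:0)."""
    haystack = unquote(uri).lower()  # assumption: one round of %-decoding
    pos = 0
    for needle in RULE_CONTENTS:
        idx = haystack.find(needle.lower(), pos)
        if idx < 0:
            return False
        pos = idx + len(needle)
    return True


def suspicious_requests(log_lines):
    """Return (client, request URI) for each log line the rule logic flags."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and uri_matches_rule(m.group(1)):
            hits.append((line.split()[0], m.group(1)))
    return hits


# Constructed sample lines (documentation addresses and hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Jun/2009:10:00:01 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 5120',
    '192.0.2.44 - - [25/Jun/2009:10:02:17 +0000] "GET /+CSCOE+/files/browse.html'
    '?code=init&path=ftp://files.example.net/ HTTP/1.1" 200 2048',
    '192.0.2.45 - - [25/Jun/2009:10:03:40 +0000] "GET /%2BCSCOE%2B/Files/Browse.html'
    '?CODE=init&path=FTP%3A%2F%2Ffiles.example.net HTTP/1.1" 200 2048',
    # Same parameters in the other order: the chained contents do not match.
    '192.0.2.46 - - [25/Jun/2009:10:04:02 +0000] "GET /+CSCOE+/files/browse.html'
    '?path=ftp://files.example.net/&code=init HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, uri in suspicious_requests(SAMPLE_LOG):
        print(f"{client} requested {uri}")
```

Like the rule, this check keys only on `path=ftp` and on the parameter order shown, so it inherits the same coverage.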
- http://secunia.com/advisories/35511
- http://www.securityfocus.com/archive/1/504516/100/0/threaded
- http://www.securityfocus.com/bid/35475
- http://www.securitytracker.com/id?1022457
- http://www.vupen.com/english/advisories/2009/1713
Published: 2009-06-25