![](https://tools.cisco.com/security/center/images/blue-square.png)
AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C
-
A vulnerability in the Clientless SSL VPN portal customization framework could allow an unauthenticated, remote attacker to modify the content of the Clientless SSL VPN portal, which could lead to several attacks including the stealing of credentials, cross-site scripting (XSS), and other types of web attacks on the client using the affected system.
The vulnerability is due to a improper implementation of authentication checks in the Clientless SSL VPN portal customization framework. An attacker could exploit this vulnerability by modifying some of the customization objects in the RAMFS cache file system. An exploit could allow the attacker to bypass Clientless SSL VPN authentication and modify the portal content.
Cisco has confirmed the vulnerability in a security advisory and released software updates.
To exploit this vulnerability, a number of specific conditions must be met on the targeted device. An attacker would likely need to obtain knowledge of the targeted device's configurations to exploit the vulnerability.
Cisco has detected attempts to exploit the vulnerability as detailed in a blog post: Cisco PSIRT – Notice about public exploitation of the Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability
-
Cisco has released a security advisory for Cisco bug ID CSCup36829 at the following link: cisco-sa-20141008-asa
Vulnerable Products
The following Cisco Adaptive Security Appliance (ASA) Software releases are affected:
- Cisco ASA Software 8.2 major releases prior to 8.2(5.51)
- Cisco ASA Software 8.3 major releases prior to 8.3(2.42)
- Cisco ASA Software 8.4 major releases prior to 8.4(7.23)
- Cisco ASA Software 8.6 major releases prior to 8.6(1.14)
- Cisco ASA Software 9.0 major releases prior to 9.0(4.24)
- Cisco ASA Software 9.1 major releases prior to 9.1(5.12)
- Cisco ASA Software 9.2 major releases prior to 9.2(2.4)
Products Confirmed Not Vulnerable
No other Cisco products are currently known to be affected by these vulnerabilities.
-
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to have network access.
Administrators can help protect affected systems from external attacks by using a solid firewall strategy.
Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
Administrators can apply Snort SID 32108 to help prevent attacks that attempt to exploit this vulnerability.
Administrators are advised to monitor affected systems.
-
Cisco customers with active contracts can obtain updates through the Software Center at the following link: Cisco. Cisco customers without contracts can obtain upgrades by contacting the Cisco Technical Assistance Center at 1-800-553-2447
1-800-553-2447 or 1-408-526-7209
1-408-526-7209 or via email at tac@cisco.com.
-
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Version Description Section Status Date 2.0 IntelliShield has updated this alert to include Snort signature information. NA Final 2014-Oct-10
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.