Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

Cisco Systems, Inc. Information for VU#261869

Date Notified:2009-09-24
Date Updated:2009-12-17
Statement Date:2009-12-04
Status Summary:Vulnerable

Vendor Statement

The limitations described in VU#261869 affect all vendors offering a truly Clientless SSL VPN solution, including Cisco. Cisco has published a Security Activity Bulletin that provides additional information at the following link:

http://tools.cisco.com/security/center/viewAlert.x?alertId=19500

This bulletin includes links to documentation that guide customers on how to properly configure Clientless SSL VPN deployments for the purpose of accessing trusted resources to avoid getting in to a situation which may cause concern.

Cisco Secure Desktop (CSD) is a multifunctional component of the Cisco SSL VPN solution that can also be used with Clientless connections to protect against these security risks. Additionally, customers can use the Cisco AnyConnect client. Cisco Anyconnect provides remote end users with support of applications and functions unavailable to a clientless, browser-based SSL VPN connection.  Information about CSD and AnyConnect can be found at:

http://www.cisco.com/go/sslvpn.

Vendor Information

Cisco has published information about this issue at:

http://tools.cisco.com/security/center/viewAlert.x?alertId=19500
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/webvpn.html#wp999589
http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/webvpn.html#wp999589
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/webvpn.html#wp999589
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/svc.html#wp1101982
http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/svc.html#wp1079707
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/svc.html#wp1081849

Vendor References

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/webvpn.html#wp999589
http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/webvpn.html#wp999589
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/webvpn.html#wp999589
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/svc.html#wp1101982
http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/svc.html#wp1079707
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/svc.html#wp1081849

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2012 by US-CERT, a government organization
Disclaimers and copyright information