Details of VAR-201002-0148

ID

VAR-201002-0148

CVE

CVE-2010-0440

TITLE

Cisco Secure Desktop of +CSCOT+/translation Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2010-001084

DESCRIPTION

Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Versions prior to Cisco Secure Desktop 3.5 are vulnerable. Cisco Secure Desktop(CSD) Encryption can reduce remote user logout or SSL VPN After session timeout Cookies , Browser history, temporary files and download content left on the system

Trust: 1.98

sources: NVD: CVE-2010-0440 // JVNDB: JVNDB-2010-001084 // BID: 37960 // VULHUB: VH-CVE-2010-0440

AFFECTED PRODUCTS

vendor:	cisco	model:	secure desktop	scope:	lt	version:	3.5	Trust: 1.8
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.4.2048	Trust: 1.1
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	8.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	8.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.2\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.1\(2.7\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.0\(5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	8.1	Trust: 1.0
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.1	Trust: 0.9
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.1.1	Trust: 0.9
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.1.1.33	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance	scope:	lt	version:	8.0(5)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance	scope:	lt	version:	8.1(2.7)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance	scope:	lt	version:	8.2(1)	Trust: 0.8
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.2.1	Trust: 0.6
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.1.1.27	Trust: 0.6
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.4	Trust: 0.6
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.2	Trust: 0.6
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.4.1	Trust: 0.6
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.4.2	Trust: 0.6
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.3	Trust: 0.6
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.1.1.45	Trust: 0.3
vendor:	cisco	model:	secure desktop	scope:	ne	version:	3.5.841	Trust: 0.3

sources: NVD: CVE-2010-0440 // CNNVD: CNNVD-201002-022 // JVNDB: JVNDB-2010-001084 // BID: 37960

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2010-0440
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-201002-022
value:	MEDIUM
Trust: 0.6
VUL-HUB:	VH-CVE-2010-0440
value:	LOW RISK
Trust: 0.1

NVD:	CVE-2010-0440
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	TRUE
version:	2.0
Trust: 1.8
VULHUB:	VH-CVE-2010-0440
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: NVD: CVE-2010-0440 // CNNVD: CNNVD-201002-022 // JVNDB: JVNDB-2010-001084 // VULHUB: VH-CVE-2010-0440

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: NVD: CVE-2010-0440 // JVNDB: JVNDB-2010-001084 // VULHUB: VH-CVE-2010-0440

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201002-022

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201002-022

CONFIGURATIONS

sources: NVD: CVE-2010-0440

EXPLOIT AVAILABILITY

sources: VULHUB: VH-CVE-2010-0440

PATCH

title:

19843

url:

http://tools.cisco.com/security/center/viewalert.x?alertid=19843

Trust: 0.8

sources: JVNDB: JVNDB-2010-001084

EXTERNAL IDS

db:	NVD	id:	CVE-2010-0440	Trust: 2.8
db:	BID	id:	37960	Trust: 2.7
db:	SECUNIA	id:	38397	Trust: 2.4
db:	VUPEN	id:	ADV-2010-0273	Trust: 2.4
db:	JVNDB	id:	JVNDB-2010-001084	Trust: 0.8
db:	CNNVD	id:	CNNVD-201002-022	Trust: 0.7
db:	NSFOCUS	id:	14441	Trust: 0.6
db:	BUGTRAQ	id:	20100201 [CORE-2010-0106] CISCO SECURE DESKTOP XSS/JAVASCRIPT INJECTION	Trust: 0.6
db:	CNVD	id:	CNVD-2010-0188	Trust: 0.1
db:	VULHUB	id:	VH-CVE-2010-0440	Trust: 0.1

sources: NVD: CVE-2010-0440 // CNNVD: CNNVD-201002-022 // JVNDB: JVNDB-2010-001084 // BID: 37960 // VULHUB: VH-CVE-2010-0440

REFERENCES

url:	http://secunia.com/advisories/38397	Trust: 2.4
url:	http://www.securityfocus.com/bid/37960	Trust: 2.4
url:	http://www.vupen.com/english/advisories/2010/0273	Trust: 2.4
url:	http://www.coresecurity.com/content/cisco-secure-desktop-xss	Trust: 1.9
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=19843	Trust: 1.9
url:	http://www.securityfocus.com/archive/1/509290/100/0/threaded	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0440	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0440	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/509290/100/0/threaded	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/14441	Trust: 0.6
url:	http://www.cisco.com	Trust: 0.3

sources: NVD: CVE-2010-0440 // CNNVD: CNNVD-201002-022 // JVNDB: JVNDB-2010-001084 // BID: 37960

CREDITS

Matias Pablo Brutti

Trust: 0.6

sources: CNNVD: CNNVD-201002-022

SOURCES

db:	NVD	id:	CVE-2010-0440
db:	CNNVD	id:	CNNVD-201002-022
db:	JVNDB	id:	JVNDB-2010-001084
db:	BID	id:	37960
db:	VULHUB	id:	VH-CVE-2010-0440

LAST UPDATE DATE

2021-12-18T06:57:44.035000+00:00

SOURCES UPDATE DATE

db:	NVD	id:	CVE-2010-0440	date:	2018-11-15T18:52:00
db:	CNNVD	id:	CNNVD-201002-022	date:	2010-02-05T00:00:00
db:	JVNDB	id:	JVNDB-2010-001084	date:	2010-02-24T00:00:00
db:	BID	id:	37960	date:	2010-01-26T00:00:00
db:	VULHUB	id:	VH-CVE-2010-0440	date:	2018-11-15T00:00:00

SOURCES RELEASE DATE

db:	NVD	id:	CVE-2010-0440	date:	2010-02-03T18:30:00
db:	CNNVD	id:	CNNVD-201002-022	date:	2010-01-26T00:00:00
db:	JVNDB	id:	JVNDB-2010-001084	date:	2010-02-24T00:00:00
db:	BID	id:	37960	date:	2010-01-26T00:00:00
db:	VULHUB	id:	VH-CVE-2010-0440	date:	2010-02-03T00:00:00