Details of VAR-201006-0014

ID

VAR-201006-0014

CVE

CVE-2009-4910

TITLE

Cisco Adaptive Security Appliances On the device WebVPN Portal cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-002863

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418. The problem is Bug ID : CSCsq78418 It is a problem.By any third party Web Script or HTML May be inserted. The vulnerabilities include multiple denial-of-service vulnerabilities, multiple buffer-overflow vulnerabilities, authentication-bypass vulnerabilities and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible

Trust: 1.98

sources: NVD: CVE-2009-4910 // JVNDB: JVNDB-2010-002863 // BID: 41412 // VULHUB: VHN-42356

AFFECTED PRODUCTS

vendor:	cisco	model:	asa 5580	scope:	lte	version:	8.1\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance	scope:	lt	version:	5580 version 8.1(2)	Trust: 0.8
vendor:	cisco	model:	asa 5580	scope:	eq	version:	8.1\(1\)	Trust: 0.6
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55808.1(1)	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55808.1	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	ne	version:	55808.1(2)	Trust: 0.3

sources: BID: 41412 // JVNDB: JVNDB-2010-002863 // CNNVD: CNNVD-201006-456 // NVD: CVE-2009-4910

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-4910
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2009-4910
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201006-456
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-42356
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-4910
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-42356
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-42356 // JVNDB: JVNDB-2010-002863 // CNNVD: CNNVD-201006-456 // NVD: CVE-2009-4910

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-42356 // JVNDB: JVNDB-2010-002863 // NVD: CVE-2009-4910

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201006-456

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201006-456

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002863

PATCH

title:

asarn812

url:

http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html

Trust: 0.8

sources: JVNDB: JVNDB-2010-002863

EXTERNAL IDS

db:	NVD	id:	CVE-2009-4910	Trust: 2.8
db:	JVNDB	id:	JVNDB-2010-002863	Trust: 0.8
db:	CNNVD	id:	CNNVD-201006-456	Trust: 0.7
db:	BID	id:	41412	Trust: 0.3
db:	VULHUB	id:	VHN-42356	Trust: 0.1

sources: VULHUB: VHN-42356 // BID: 41412 // JVNDB: JVNDB-2010-002863 // CNNVD: CNNVD-201006-456 // NVD: CVE-2009-4910

REFERENCES

url:	http://www.cisco.com/en/us/docs/security/asa/asa81/release/notes/asarn812.html	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4910	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4910	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-42356 // BID: 41412 // JVNDB: JVNDB-2010-002863 // CNNVD: CNNVD-201006-456 // NVD: CVE-2009-4910

CREDITS

Cisco

Trust: 0.3

sources: BID: 41412

SOURCES

db:	VULHUB	id:	VHN-42356
db:	BID	id:	41412
db:	JVNDB	id:	JVNDB-2010-002863
db:	CNNVD	id:	CNNVD-201006-456
db:	NVD	id:	CVE-2009-4910

LAST UPDATE DATE

2024-11-23T21:47:25.172000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-42356	date:	2010-06-30T00:00:00
db:	BID	id:	41412	date:	2009-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2010-002863	date:	2011-09-20T00:00:00
db:	CNNVD	id:	CNNVD-201006-456	date:	2010-07-01T00:00:00
db:	NVD	id:	CVE-2009-4910	date:	2024-11-21T01:10:45.310

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-42356	date:	2010-06-29T00:00:00
db:	BID	id:	41412	date:	2009-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2010-002863	date:	2011-09-20T00:00:00
db:	CNNVD	id:	CNNVD-201006-456	date:	2010-06-29T00:00:00
db:	NVD	id:	CVE-2009-4910	date:	2010-06-29T18:30:01.443