Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Cisco Secure Desktop Remote XSS Vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cisco Secure Desktop Remote XSS Vulnerability

This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has released patches to address the vulnerability as well as workaround to mitigate this risk. The Cisco alert is available here.

The following versions are vulnerable:

- Cisco Secure Desktop versions prior to 3.5
- Cisco ASA appliances are vulnerable only if the Cisco Secure Desktop feature has been enabled
- Cisco ASA appliance versions prior to 8.2(1), 8.1(2.7), and 8.0(5) are vulnerable


Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org


523 Posts
ISC Handler
Feb 2nd 2010

Sign Up for Free or Log In to start participating in the conversation!