Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cisco ASA设备FTP或CIFS认证表单凭据泄露漏洞
Vulnerability Description
Cisco自适应安全设备(ASA)是可提供安全和VPN服务的模块化平台 。 当用户使用Web VPN访问FTP或CIFS目标时,所生成的URL中目标资源类型(scheme)和主机名首先经过Rot13编码,然后16进制编码后放在ASA的URL中。以下URL试图连接到ftp.example.com: /+CSCOE+/files/browse.html?code=init&;path=ftp%3A%2F%2F7367632e726b6e7a6379722e70627a ASA首先试图使用匿名凭据连接到FTP服
CVSS Information
N/A
Vulnerability Type
N/A