← back
CVE-2009-1201

CVE-2009-1201

EPSS 8.8%
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/33055unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/35511https://www.trustwave.com/spiderlabs/advisories/TWSL2009-002.txthttp://www.securityfocus.com/archive/1/504516/100/0/threadedhttp://www.securityfocus.com/bid/35476http://www.securitytracker.com/id?1022457http://www.vupen.com/english/advisories/2009/1713