CVE-2009-1201
Last modified
CVE-2009-1201 is a vulnerability of currently unknown severity. Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.. EPSS estimates a 8.83% chance of exploitation in the next 30 days.
Description
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Adaptive Security Appliance | 8.0\(4\) |
| Cisco | Adaptive Security Appliance | 8.1.2 |
| Cisco | Adaptive Security Appliance | 8.2.1 |
| Cisco | Adaptive Security Appliance | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-1201?
How severe is CVE-2009-1201?
How do I fix CVE-2009-1201?
Are you affected by CVE-2009-1201?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST