CVE-2009-1203

CVE Database · CVE-2009-1203

CVE-2009-1203

· N/AModified

CVSS v3.1

N/A

EPSS

3.78%

Published

Jun 25, 2009

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

Exploit-DBCisco Adaptive Security Appliance 8.x - Web VPN FTP or CIFS Authentication Form Phishing

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.

Affected Products (4)

cisco · adaptive_security_appliancevulnerable

References (10)

http://secunia.com/advisories/35511

http://www.securityfocus.com/archive/1/504516/100/0/threaded

http://www.securityfocus.com/bid/35475

Exploit

http://www.securitytracker.com/id?1022457

http://www.vupen.com/english/advisories/2009/1713