Hi,

This is a question about the vulnerability "Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability". I have AnyConnect and WebVPN enabled on an interface, and the running versions are 8.4.4 and 8.4.5. The bug associated with this vulnerability is CSCun19025, "ASA WebVPN login page XSS vulnerability".

webvpn
 enable outside
 anyconnect enable
 tunnel-group-list enable
 certificate-group-map Cert_Map_1 10 Employee_Backup_Group

What would be the recommended action to take?

Thanks for your help.

Regards
Since there is no technical workaround available from Cisco (according to the BugSearch tool as of 3 April 2014), you will have to rely on mitigating the risk through user education. (The fixed releases noted are all Cisco internal - it looks like the upcoming 9.2 will include a fix but it may be several months before it is released.)
Since the PSIRT indicates the vulnerability is exploited by "convincing a user to access a malicious link", remind your users not to access unknown links, especially not while connected to your WebVPN.
Thanks for the information. What if I decided to upgrade: is it possible to upgrade from 8.4 to 9.1.5? I ask because the bug said that versions prior to 8.4.7 and 9.1.4 could be affected. Or what would be the best version to fix the bug?