Cisco ASA 5500 Clientless SSL VPN: Weak URL Encoding and Dangerous Default Access Policy Vulnerability

Users of Cisco ASA 5500 Clientless SSL VPN please be advised of a Weak URL encoding and dangerous default access policy vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

CSESA-2010-8: [CSESA-2010-8] Cisco Clientless SSL VPN Weak URL encoding and dangerous default access policy

Product: Cisco ASA 5500 Clientless SSL VPN Vulnerability: Weak URL encoding and dangerous default access policy

Cisco Clientless SSL VPN (Secure Desktop) can be misconfigured when disabling the portal toolbar. The Portal toolbar is independent from filtering the actual browser requests. This means that all URL's and plugins are by default allowed even if the administrator only chooses to publish a few bookmarks to key systems where users should have access. This may lead to the possibility of giving unintended access to other systems behind the ASA. The URL is transliterated to permit encoding of the user URL's. This URL is then transmitted inside an already established TLS session. The URL encoding is however easily broken and altered in order to specify alternative URL's that may be of interest. Read more at www.criticalwatch.com

 

See this Amp at http://bit.ly/g6FKLZ