ID

VAR-200912-0332


CVE

CVE-2009-4455


TITLE

Cisco ASA Vulnerability that bypasses access restrictions in default settings

Trust: 0.8

sources: JVNDB: JVNDB-2009-002489

DESCRIPTION

The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web sites via a crafted URL obfuscated with ROT13 and a certain encoding. NOTE: this issue was originally reported as a vulnerability related to lack of restrictions to URLs listed in the Cisco WebVPN bookmark component, but the vendor states that "The bookmark feature is not a security feature."

Adaptive Security Appliance 5500 is prone to a security bypass vulnerability.

----------------------------------------------------------------------
TITLE:
Cisco ASA WebVPN Bookmark URLs Security Bypass

SECUNIA ADVISORY ID:
SA37710

VERIFY ADVISORY:
http://secunia.com/advisories/37710/

DESCRIPTION:
David Eduardo Acosta Rodriguez has reported a security issue in Cisco ASA, which can be exploited by malicious users to bypass certain security restrictions.

The security issue is caused by the appliance allowing administrators the option to limit web access via the VPN through obfuscated bookmark URLs. This can be exploited to access apparently restricted URLs obfuscated using the ROT13 cipher.

SOLUTION:
Apply web access control lists to group-policies and Dynamic Access Policies. Please see the vendor's advisory for details.

PROVIDED AND/OR DISCOVERED BY:
David Eduardo Acosta Rodriguez, ISecAuditors

ORIGINAL ADVISORY:
ISecAuditors:
http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0385.html

Cisco:
http://tools.cisco.com/security/center/viewAlert.x?alertId=19609
----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2009-4455 // JVNDB: JVNDB-2009-002489 // BID: 79193 // VULHUB: VHN-41901 // PACKETSTORM: 83988

AFFECTED PRODUCTS

vendor: cisco | model: adaptive security appliance 5500 | scope: eq | version: 8.2

Trust: 1.6

vendor: cisco | model: adaptive security appliance 5500 | scope: eq | version: 7.1

Trust: 1.6

vendor: cisco | model: adaptive security appliance 5500 | scope: eq | version: 8.1

Trust: 1.6

vendor: cisco | model: adaptive security appliance 5500 | scope: eq | version: 8.0

Trust: 1.6

vendor: cisco | model: adaptive security appliance 5500 | scope: eq | version: 7.0

Trust: 1.6

vendor: cisco | model: adaptive security appliance 5500 | scope: eq | version: 7.2

Trust: 1.6

vendor: cisco | model: adaptive security appliance | scope: eq | version: 7.0

Trust: 0.8

vendor: cisco | model: adaptive security appliance | scope: eq | version: 7.1

Trust: 0.8

vendor: cisco | model: adaptive security appliance | scope: eq | version: 7.2

Trust: 0.8

vendor: cisco | model: adaptive security appliance | scope: eq | version: 8.0

Trust: 0.8

vendor: cisco | model: adaptive security appliance | scope: eq | version: 8.1

Trust: 0.8

vendor: cisco | model: adaptive security appliance | scope: eq | version: 8.2

Trust: 0.8

vendor: cisco | model: adaptive security appliance | scope: eq | version: 5500 8.2

Trust: 0.3

vendor: cisco | model: adaptive security appliance | scope: eq | version: 5500 8.1

Trust: 0.3

vendor: cisco | model: adaptive security appliance | scope: eq | version: 5500 8.0

Trust: 0.3

vendor: cisco | model: adaptive security appliance | scope: eq | version: 5500 7.2

Trust: 0.3

vendor: cisco | model: adaptive security appliance | scope: eq | version: 5500 7.1

Trust: 0.3

vendor: cisco | model: adaptive security appliance | scope: eq | version: 5500 7.0

Trust: 0.3

sources: BID: 79193 // JVNDB: JVNDB-2009-002489 // CNNVD: CNNVD-200912-392 // NVD: CVE-2009-4455

CVSS

SEVERITY

nvd@nist.gov: CVE-2009-4455
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-4455
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200912-392
value: MEDIUM

Trust: 0.6

VULHUB: VHN-41901
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2009-4455
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-41901
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

(no entries)

sources: VULHUB: VHN-41901 // JVNDB: JVNDB-2009-002489 // CNNVD: CNNVD-200912-392 // NVD: CVE-2009-4455

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.9

sources: VULHUB: VHN-41901 // JVNDB: JVNDB-2009-002489 // NVD: CVE-2009-4455

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200912-392

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200912-392

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002489

PATCH

title: 19609 | url: http://tools.cisco.com/security/center/viewAlert.x?alertId=19609

Trust: 0.8

sources: JVNDB: JVNDB-2009-002489

EXTERNAL IDS

db: NVD | id: CVE-2009-4455

Trust: 2.8

db: SECTRACK | id: 1023368

Trust: 2.8

db: SECUNIA | id: 37710

Trust: 2.6

db: OSVDB | id: 61132

Trust: 2.5

db: VUPEN | id: ADV-2009-3577

Trust: 2.5

db: JVNDB | id: JVNDB-2009-002489

Trust: 0.8

db: CNNVD | id: CNNVD-200912-392

Trust: 0.7

db: BUGTRAQ | id: 20091217 [ISECAUDITORS SECURITY ADVISORIES] CISCO ASA <= 8.X VPN SSL MODULE CLIENTLESS URL-LIST CONTROL BYPASS

Trust: 0.6

db: BID | id: 79193

Trust: 0.4

db: VULHUB | id: VHN-41901

Trust: 0.1

db: PACKETSTORM | id: 83988

Trust: 0.1

sources: VULHUB: VHN-41901 // BID: 79193 // JVNDB: JVNDB-2009-002489 // PACKETSTORM: 83988 // CNNVD: CNNVD-200912-392 // NVD: CVE-2009-4455

REFERENCES

url: http://www.securitytracker.com/id?1023368

Trust: 2.8

url: http://osvdb.org/61132

Trust: 2.5

url: http://secunia.com/advisories/37710

Trust: 2.5

url: http://www.vupen.com/english/advisories/2009/3577

Trust: 2.5

url: http://tools.cisco.com/security/center/viewalert.x?alertid=19609

Trust: 1.8

url: http://www.securityfocus.com/archive/1/508530/100/0/threaded

Trust: 1.1

url: http://www.securityfocus.com/archive/1/archive/1/508530/100/0/threaded

Trust: 0.9

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4455

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4455

Trust: 0.8

url: http://secunia.com/advisories/37710/

Trust: 0.1

url: http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url: http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0385.html

Trust: 0.1

url: http://secunia.com/advisories/business_solutions/

Trust: 0.1

url: http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url: http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-41901 // BID: 79193 // JVNDB: JVNDB-2009-002489 // PACKETSTORM: 83988 // CNNVD: CNNVD-200912-392 // NVD: CVE-2009-4455

CREDITS

Unknown

Trust: 0.3

sources: BID: 79193

SOURCES

db: VULHUB | id: VHN-41901
db: BID | id: 79193
db: JVNDB | id: JVNDB-2009-002489
db: PACKETSTORM | id: 83988
db: CNNVD | id: CNNVD-200912-392
db: NVD | id: CVE-2009-4455

LAST UPDATE DATE

2025-04-10T23:21:26.285000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-41901 | date: 2018-10-10T00:00:00
db: BID | id: 79193 | date: 2009-12-29T00:00:00
db: JVNDB | id: JVNDB-2009-002489 | date: 2010-02-04T00:00:00
db: CNNVD | id: CNNVD-200912-392 | date: 2009-12-30T00:00:00
db: NVD | id: CVE-2009-4455 | date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB | id: VHN-41901 | date: 2009-12-29T00:00:00
db: BID | id: 79193 | date: 2009-12-29T00:00:00
db: JVNDB | id: JVNDB-2009-002489 | date: 2010-02-04T00:00:00
db: PACKETSTORM | id: 83988 | date: 2009-12-17T14:16:52
db: CNNVD | id: CNNVD-200912-392 | date: 2009-12-29T00:00:00
db: NVD | id: CVE-2009-4455 | date: 2009-12-29T23:30:00.390