This message serves as Cisco PSIRT's response to Juan Sacco’s post on February 17 regarding a zero-day exploit on the Cisco ASA.

We would like to thank Juan for reporting these issues to Cisco a couple of weeks ago. We greatly appreciate the opportunity to work with researchers on security vulnerabilities and welcome the opportunity to review and assist in product reports. Juan’s original post is available in the Full Disclosure archives at: http://seclists.org/fulldisclosure/2016/Feb/82

Cisco confirms there is a cross-site scripting vulnerability in the webVPN interface of ASAs running software versions prior to 8.4(7) and 9.1(3). We have verified this issue was published as CVE-2014-2120 and more information is available in Cisco bug ID: CSCun19025 (available at: https://tools.cisco.com/bugsearch/bug/CSCun19025).

Cisco previously published a security notice on this vulnerability which is available at: https://tools.cisco.com/security/center/viewAlert.x?alertId=33406.
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/