According to Cisco it is CVE-2014-2120, which indicates that much like the
code sort of gave away, it is a bad attempt by a 1337 hax0r to push their
crappy 'exploitpack.com' instead of you know, finding anything useful.
Indeed it is a damn XSS with minimal utility. The crappy code is just the
icin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Is there a CVE ID for this?
Also what firmware does this effect? I tested this and the input gets
HTML encoded so is nulled.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJWyuREAAoJEFrCzlP2l9LQ5NAQAI5inAIprg6bkdqN6lvboHUA
Unhp+Kdpg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
This is message serves as Cisco PSIRT's response to Juan Sacco’s post on
Febuary 17 regarding a zero-day exploit on the Cisco ASA.
We would like to thank Juan for reporting these issues to Cisco a couple of
weeks ago.
We greatly appreciate the op
For folks who want code that runs, I did you all a favor, fixed the ident
issues, removed unused libraries, fixed SSL certificate validation checks
causing failures, fixed typos that prevent running, killed dead code, made
sure it actually used the Port input. All while stripping out the
unnecessar
