CVE-2010-0440: XSS
First published: Wed Feb 03 2010(Updated: )
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Secure Desktop | <3.5 | |
| Cisco Adaptive Security Appliance Software | >=8.1<8.1\(2.7\) | |
| Cisco Adaptive Security Appliance Software | >=8.0<8.0\(5\) | |
| Cisco Adaptive Security Appliance Software | >=8.2<8.2\(1\) | |
| Cisco ASA 5500 CSC-SSM |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/38397
- http://www.coresecurity.com/content/cisco-secure-desktop-xss
- http://www.securityfocus.com/bid/37960
- http://tools.cisco.com/security/center/viewAlert.x?alertId=19843
- http://www.vupen.com/english/advisories/2010/0273
- http://www.securityfocus.com/archive/1/509290/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2010-0440?
CVE-2010-0440 is classified as a medium severity vulnerability due to its potential to allow remote attackers to inject arbitrary web scripts.
How do I fix CVE-2010-0440?
To mitigate CVE-2010-0440, upgrade Cisco Secure Desktop to version 3.5 or later and ensure your Cisco Adaptive Security Appliance Software is updated to secure versions beyond the specified vulnerable ones.
What types of attacks can exploit CVE-2010-0440?
CVE-2010-0440 can be exploited through cross-site scripting (XSS) attacks that leverage crafted POST parameters.
Which Cisco products are affected by CVE-2010-0440?
CVE-2010-0440 affects Cisco Secure Desktop versions prior to 3.5 and several versions of Cisco Adaptive Security Appliance Software.
Is CVE-2010-0440 a local or remote vulnerability?
CVE-2010-0440 is a remote vulnerability, allowing attackers to exploit it without direct access to the affected systems.
- collector/nvd-historical
- agent/author
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/cisco
- canonical/cisco secure desktop
- canonical/cisco adaptive security appliance software
- version/cisco adaptive security appliance software/8.1
- version/cisco adaptive security appliance software/8.0
- version/cisco adaptive security appliance software/8.2
- canonical/cisco asa 5500 csc-ssm