Cisco ASA Software versions prior to 8.1(2) contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks.
The vulnerability exists due to improper handling of characters within URLs. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious URL. If successful, the attacker could execute arbitrary script within the user's browser in the security context of the affected site.
Proof-of-concept code is available.
Cisco has confirmed this vulnerability in software release notes and released updated software.
To exploit the vulnerability, an attacker must convince a user to view a malicious link. The attacker may provide links within e-mail messages sent to the user. If the user views the link, the attacker could execute arbitrary script code in the user's browser in the security context of the Cisco ASA web interface. An exploit could allow the attacker to gain access to sensitive information such as user credentials or recently submitted data.
Cisco would like to thank Daniel King from SecureWorks for discovering this vulnerability.