David Eduardo Acosta Rodriguez has reported a security issue in Cisco ASA, which can be exploited by malicious users to bypass certain security restrictions.
The security issue is caused by the appliance giving administrators the option to limit web access via the VPN through obfuscated bookmark URLs. The URLs are obfuscated using the ROT13 cipher, which can be exploited to access apparently restricted URLs.
Solution: Apply web access control lists to group-policies and Dynamic Access Policies. Please see the vendor's advisory for details.
Provided and/or discovered by: David Eduardo Acosta Rodriguez, ISecAuditors
Original Advisory: ISecAuditors: