CVE-2009-1203

Cisco Adaptive Security Appliance - Credential Phishing via WebVPN Login Screen Spoofing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1203. PoCs published by David Byrne.

AI-analyzed exploit summary The exploit describes a phishing vulnerability in Cisco ASA where an attacker can display a fake login window to mislead users. The provided example URL demonstrates the attack vector, but no executable code is included.

Description

WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.

Exploits (1)

exploitdb WRITEUP VERIFIED

by David Byrne · textremotehardware

https://www.exploit-db.com/exploits/33054

View Code ZIP pw:eip

The exploit describes a phishing vulnerability in Cisco ASA where an attacker can display a fake login window to mislead users. The provided example URL demonstrates the attack vector, but no executable code is included.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Cisco Adaptive Security Appliance (ASA) versions prior to 8.0.4.34 and 8.1.2.25

No auth needed

Prerequisites: Access to a vulnerable Cisco ASA interface · Ability to craft a malicious URL

MITRE ATT&CK

T1566 - Phishing

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/504516/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1022457

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1713

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/35475

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35511

Scores

EPSS 0.0378

EPSS Percentile 88.6%

Details

Status published

Products (4)

cisco/adaptive_security_appliance 8.0\(4\)

cisco/adaptive_security_appliance 8.1.2

cisco/adaptive_security_appliance 8.2.1

cisco/adaptive_security_appliance

Published Jun 25, 2009

Tracked Since Feb 18, 2026