A vulnerability in the Clientless SSL VPN portal customization framework could allow an unauthenticated, remote attacker to modify the content of the Clientless SSL VPN portal, which could lead to several attacks including the stealing of credentials, cross-site scripting (XSS), and other types of web attacks on the client using the affected system.
The vulnerability is due to an improper implementation of authentication checks in the Clientless SSL VPN portal customization framework. An attacker could exploit this vulnerability by modifying some of the customization objects in the RAMFS cache file system. An exploit could allow the attacker to bypass Clientless SSL VPN authentication and modify the portal content.
Cisco has confirmed the vulnerability in a security advisory and released software updates.
To exploit this vulnerability, a number of specific conditions must be met on the targeted device. An attacker would likely need to obtain knowledge of the targeted device's configurations to exploit the vulnerability.
Cisco has detected attempts to exploit the vulnerability as detailed in a blog post: Cisco PSIRT – Notice about public exploitation of the Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability