Cisco Clientless SSL VPN (Secure Desktop) can be misconfigured when disabling the portal toolbar. The Portal toolbar is independent from filtering the actual browser requests. This means that all URL's and plugins are by default allowed even if the administrator only chooses to publish a few bookmarks to key systems where users should have access. This may lead to the possibility of giving unintended access to other systems behind the ASA.
4eb5734d29ebe15392aa7223640755c5c16effc9c7c936299c63698ecdfb737e