Overview
- Description
- Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
Social media
- Hype score
1
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Known exploits
Data from CISA
- Vulnerability name
- Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability
- Exploit added on
- Nov 12, 2024
- Exploit action due
- Dec 3, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F7FDABB-8C67-4E56-A533-233B50047603"
}
],
"operator": "OR"
}
]
}
]