- Description
- Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Data from CISA
- Vulnerability name
- Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability
- Exploit added on
- Nov 12, 2024
- Exploit action due
- Dec 3, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
#threatreport #LowCompleteness Old Cisco ASA Vulnerability (CVE-2014-2120) Fuels Androxgh0st Botnet Activity | 04-12-2024 Source: https://t.co/bDqHE5PCeh Key details below ↓ 💀Threats: Androxgh0st, Mozi, 🏭Industry: Iot, E-commerce 🔓CVEs: CVE-2024-42448… https://t.co/MVIvQtR0
@rst_cloud
5 Dec 2024
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2014-2120 #Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability https://t.co/OPXmqzAiaI
@ScyScan
12 Nov 2024
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F7FDABB-8C67-4E56-A533-233B50047603"
}
],
"operator": "OR"
}
]
}
]