Overview
- Description: Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.
- Source: ykramarz@cisco.com
- NVD status: Analyzed
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 6.1
- Impact score: 2.7
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity: MEDIUM
CVSS 2.0
- Type: Primary
- Base score: 2.6
- Impact score: 2.9
- Exploitability score: 4.9
- Vector string: AV:N/AC:H/Au:N/C:N/I:P/A:N
Known exploits
Data from CISA
- Vulnerability name: Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability
- Exploit added on: Nov 3, 2021
- Exploit action due: May 3, 2022
- Required action: Apply updates per vendor instructions.
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:o:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2449A498-7072-4C05-8BA9-614A950B3C3E", "versionEndExcluding": "6.4.0.12" },
          { "criteria": "cpe:2.3:o:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DA331CB-9D54-47F9-B48A-36268278C2EE", "versionEndExcluding": "6.6.4", "versionStartIncluding": "6.5.0" },
          { "criteria": "cpe:2.3:o:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05A1A309-650A-4E6C-AFCE-CD0FB62492D6", "versionEndExcluding": "6.7.0.2", "versionStartIncluding": "6.7.0" }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0362F9B-B1B5-405A-A984-09B29B173888", "versionEndExcluding": "9.8.4.34" },
          { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A9BFFBC-F577-47CD-83E8-A6227B17D557", "versionEndExcluding": "9.9.2.85", "versionStartIncluding": "9.9" },
          { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C70E158-4028-4CA4-91CB-22E549CFBC07", "versionEndExcluding": "9.12.4.13", "versionStartIncluding": "9.10" },
          { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B74C14F-C95B-4AF5-A255-1CA824AA7FDE", "versionEndExcluding": "9.13.1.21", "versionStartIncluding": "9.13" },
          { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "282F4D3B-CCBB-484E-BDEE-C316637E2F21", "versionEndExcluding": "9.14.2.8", "versionStartIncluding": "9.14" },
          { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D2794F2-BC8F-42CC-910A-203BE7B3475F", "versionEndExcluding": "9.15.1.15", "versionStartIncluding": "9.15" }
        ],
        "operator": "OR"
      }
    ]
  }
]