CVE-2006-3073

3 documents3 sources

Severity

2.6LOW

EPSS

1.0%

top 23.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco ASA 5500 Cisco VPN 3000 Concentrator Series Software

Timeline

PublishedJun 19

Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by t…

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

▶NVDcisco/vpn_3000_concentrator_series_software35 versions+34

▶NVDcisco/asa_55007.0, 7.0.4.3, 7.0\(4\)+2

🔴Vulnerability Details

GHSA

GHSA-vxwp-mm7m-9vwm: Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptiv↗2022-05-01

▶

CVEList

CVE-2006-3073: Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptiv↗2006-06-19

▶