CVE-2019-1701 — Cross-site Scripting in Cisco Adaptive Security Appliance Software

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 63.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software Cisco Firepower Threat Defense Software Cisco Adaptive Security Appliance Software +1 more

Timeline

PublishedMay 3

Latest updateMay 24

Description

Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. The vulnerabilities exist because the software insufficiently validates user-supplied input on an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interfac…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages4 packages

▶NVDcisco/adaptive_security_appliance_software9.5 — 9.6.4.25+4

▶CVEListV5cisco/cisco_firepower_threat_defense_softwareunspecified — 6.2.3.12+1

▶CVEListV5cisco/cisco_adaptive_security_appliance_softwareunspecified — 9.4.4.34+4

▶NVDcisco/firepower_threat_defense6.2.1 — 6.2.3.12+1

🔴Vulnerability Details

GHSA

GHSA-xwf3-c99h-p43f: Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software c↗2022-05-24

▶

CVEList

Cisco Adaptive Security Appliance and Firepower Threat Defense Software WebVPN Cross-Site Scripting Vulnerabilities↗2019-05-03

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance and Firepower Threat Defense Software WebVPN Cross-Site Scripting Vulnerabilities↗2019-05-01

▶