CVE-2020-3582 — Cross-site Scripting in Cisco Adaptive Security Appliance Software

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 53.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software Cisco Firepower Threat Defense Cisco Adaptive Security Appliance Software

Timeline

PublishedOct 21

Latest updateMay 24

Description

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDcisco/adaptive_security_appliance_software9.9 — 9.9.2.80+5

▶CVEListV5cisco/cisco_adaptive_security_appliance_softwaren/a

▶NVDcisco/firepower_threat_defense6.4.0 — 6.4.0.10+3

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-9cp4-j6jm-4g5r: Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) So↗2022-05-24

▶

CVEList

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities↗2020-10-21

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities↗2020-10-21

▶