CVE-2020-3599
published 2020-10-21CVE-2020-3599: A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | adaptive_security_appliance | < 9.6.4.45 | 9.6.4.45 |
| cisco | adaptive_security_appliance | — | — |
| cisco | adaptive_security_appliance_software | >= 9.10.0 < 9.10.1.43 | 9.10.1.43 |
| cisco | adaptive_security_appliance_software | >= 9.12.0 < 9.12.4.4 | 9.12.4.4 |
| cisco | adaptive_security_appliance_software | >= 9.13.0 < 9.13.1.13 | 9.13.1.13 |
| cisco | adaptive_security_appliance_software | >= 9.14.0 < 9.14.1.29 | 9.14.1.29 |
| cisco | adaptive_security_appliance_software | >= 9.7.0 < 9.8.4.29 | 9.8.4.29 |
| cisco | adaptive_security_appliance_software | >= 9.9.0 < 9.9.2.80 | 9.9.2.80 |
| cisco | cisco_adaptive_security_appliance_software | — | — |