CVE-2020-3599 — Cross-site Scripting in Cisco Adaptive Security Appliance

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 42.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Cisco Adaptive Security Appliance Software Cisco Adaptive Security Appliance Software

Timeline

PublishedOct 21

Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the atta…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDcisco/adaptive_security_appliance_software9.7.0 — 9.8.4.29+5

▶CVEListV5cisco/cisco_adaptive_security_appliance_softwaren/a

▶NVDcisco/adaptive_security_appliance< 9.6.4.45

🔴Vulnerability Details

GHSA

GHSA-fxhx-wgc5-xg5f: A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attac↗2022-05-24

▶

CVEList

Cisco Adaptive Security Appliance Software Web-Based Management Interface Reflected Cross-Site Scripting Vulnerability↗2020-10-21

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Software Web-Based Management Interface Reflected Cross-Site Scripting Vulnerability↗2020-10-21

▶