CVE-2024-20382

CWE-804 documents4 sources
Severity
6.1MEDIUM
EPSS
0.1%
top 67.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Cisco Adaptive Security Appliance (asa) SoftwareCisco Cisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance Software+1 more
Timeline
PublishedOct 23

Description

A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device. This vulnerability is due to improper validation of user-supplied input to application endpoints. An attacker could exploit this vulnerability by persuading a user to follow a link designed to

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

NVDcisco/firepower_threat_defense90 versions+89

🔴Vulnerability Details

2
GHSA
GHSA-qfh3-92rr-375x: A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) So2024-10-23
CVEList
CVE-2024-20382: A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) So2024-10-23

📋Vendor Advisories

1
Cisco
Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Web Client Services Cross-Site Scripting Vulnerabilities2024-10-23