Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.
2020-10-21T19:15:18.700
2024-11-21T05:31:21.237
Modified
CVSSv3.1: 6.1 (MEDIUM)
AV:N/AC:H/Au:N/C:N/I:P/A:N
4.9
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | cisco | firepower_threat_defense | < 6.3.0.6 | Yes |
| Operating System | cisco | firepower_threat_defense | < 6.4.0.10 | Yes |
| Operating System | cisco | firepower_threat_defense | < 6.5.0.5 | Yes |
| Operating System | cisco | firepower_threat_defense | < 6.6.1 | Yes |
| Operating System | cisco | adaptive_security_appliance_software | < 9.8.4.29 | Yes |
| Operating System | cisco | adaptive_security_appliance_software | < 9.9.2.80 | Yes |
| Operating System | cisco | adaptive_security_appliance_software | < 9.10.1.44 | Yes |
| Operating System | cisco | adaptive_security_appliance_software | < 9.12.4.4 | Yes |
| Operating System | cisco | adaptive_security_appliance_software | < 9.13.1.13 | Yes |
| Operating System | cisco | adaptive_security_appliance_software | < 9.14.1.30 | Yes |